Friday, December 6, 2013

Microsoft, Feds Disrupt ZeroAccess Botnet

from pcmag.com

[Image: Microsoft Cybercrime Center]


Microsoft today announced that it has "successfully disrupted" the ZeroAccess botnet, which has infected nearly 2 million computers all over the world, and cost online advertisers more than $2.7 million each month.
Redmond worked in conjunction with Europol's European Cybercrime Centre (EC3), the FBI, and tech firms like A10 Networks to take action against ZeroAccess, also known as Sirefef.
Microsoft also filed suit in a Texas district court seeking a preliminary injunction that directs U.S. Internet service providers and other entities in control of the relevant Internet domains and IP addresses to disable access to the botnet and to preserve any content and material associated with it, to help with Microsoft's case.
Microsoft noted that the sophisticated nature of ZeroAccess means that it has not been fully eliminated, but "we do expect this legal and technical action will significantly disrupt the botnet's operation by disrupting the cybercriminals' business model and forcing them to rebuild their criminal infrastructure, as well as preventing victims' computers from committing the fraudulent schemes," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in a statement.
According to Microsoft, ZeroAccess targets major search engines like Google, Yahoo, and Bing and hijacks search results, redirecting users to dangerous websites that could install malware on their PCs. The scammers could then steal personal information or fraudulently charge businesses for online advertisement clicks. Criminals have also disguised ZeroAccess as legitimate software, tricking people into downloading it.
ZeroAccess is difficult to target because it relies "on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers." That makes it "one of the most robust and durable botnets in operation today," Microsoft said.
Redmond said it is working with partners to notify people if their PCs are infected. The company also recommended that people visit support.microsoft.com/botnets for information about how to remove the threat.
"Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or anti-virus software as quickly as possible," Microsoft said.
The ZeroAccess attack is the first botnet action Microsoft has taken since the launch of its new Cybercrime Center last month.
In June, Microsoft also disrupted more than 1,000 botnets used to steal people's banking information and identities. The malware, dubbed Citadel, resulted in losses of more than $500 million and affected more than 5 million people.
Earlier this week, meanwhile, Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.
