Earlier this month, Microsoft announced that it had worked with the FBI and other law enforcement groups and organizations to disrupt the criminal Sirefef botnet, better known as ZeroAccess. Today, the company announced that the mysterious creators of the botnet have now apparently abandoned their efforts to keep it online.
Microsoft did not expect for the botnet to be completely shut down due to this operation. Indeed, the company stated that less than a day after their attempt at a disruption, the team behind ZeroAccess had updated the many PCs infected with their malware so they could continue their activities.
However, Microsoft said that this time their Digital Crimes Unit was able to find the new IP addresses that the people behind the botnet were using for this attempted revival. That information was sent to Europol's European Cybercrime Centre (EC3) and local law enforcement groups, such as Germany's Bundeskriminalamt's (BKA) Cyber Intelligence Unit, which helped to shut down those new IP addresses.
Microsoft said that the PCs infected by the ZeroAccess code were then sent one final update by their makers which had the message "WHITE FLAG". The company believes that means the criminals behind the botnet have signaled they are giving up on their attempts to revive their activities. Microsoft said that because of this digital surrender, it has now closed the civil case against the ZeroAccess botnet so that law enforcement authorities can continue their investigations.
The blog added:
We would like to thank all of our partners for their work to combat the ZeroAccess botnet. Microsoft is committed to protecting the public from cyber threats, and trustworthy partnership with the research and law-enforcement community is a critical component of this. We will continue to work closely with the security community globally in disruptive actions that help protect our customers and put cybercriminals out of business.
While Microsoft has helped to shut down a number of botnets in the past few years, this is the first such case that was handled by the company's new Cybercrime Center, which opened in November in Redmond, Washington.
Source: Microsoft | Image via Microsoft