Earlier this week, you may have read about the 'Pony' botnet, which has so far exposed around two million passwords worldwide. The fight against botnets and related malware is something of an endless task - this year has seen numerous high-profile take-downs of massive botnets, including 'Bamital', 'Citadel' and 'Rustock'.
Today, Microsoft announced that - in collaboration with the FBI, Europol's European Cybercrime Centre (EC3) and industry partners - it has succeeded in disrupting what it described as a "rampant botnet", responsible for infecting almost two million computers worldwide. The 'Sirefef' botnet, known also as 'ZeroAccess', interferes with users' web searches, targeting results from leading search providers including Google and Bing.
A glimpse inside Microsoft's Cybercrime Center
ZeroAccess has been engineered to hijack search results: web users see what appears to be an ordinary results page, but when they click on a link they are redirected to entirely different and irrelevant sites, so that the botnet's operators can collect the advertising revenue generated by those clicks. Microsoft adds that the botnet is also responsible for "click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users' clicks, but are the result of automated Web traffic and other criminal activity."
ZeroAccess is believed to cost online advertisers as much as $2.7m a month, with an estimated 800,000 ZeroAccess-infected PCs connecting to the web every day. The head of EC3, Troels Oerting, said that "this operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies... to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits."
The disruption of ZeroAccess is Microsoft's first botnet action since it opened its new Cybercrime Center in mid-November, but there is still much work to be done. The company says that ZeroAccess is "one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts". Microsoft adds that it "does not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat", but collaborations with law enforcement and industry partners will help to significantly disrupt its operation.
It adds that ZeroAccess is "very sophisticated malware, blocking attempts to remove it... [and] disables security features on infected computers, leaving the computer susceptible to secondary infections". The company advises that users visit its online botnet support center for detailed instructions on removing the threat from their systems without delay.
Source: Microsoft | image via Microsoft