The ZeroAccess botnet is one of the largest known botnets in existence today, with a population upwards of 1.9 million computers on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy.
Sinkholing the botnet
Symantec engineers began to study in detail the mechanism used by ZeroAccess bots to communicate with each other to see how the botnet could be sinkholed.
ZeroAccess: the courier service
Given its construction and behavior, ZeroAccess appears to be primarily designed to deliver payloads to infected computers.
In a ZeroAccess botnet, the productive activity (from an attacker’s point of view) is performed by the payloads downloaded to compromised computers, which boil down to two basic types, both aimed at revenue-generating activities.
Click fraud: One type of payload we’ve seen is the click fraud Trojan. The Trojan downloads online advertisements onto the computer and then generates artificial clicks on the ads as if they were generated by legitimate users. These false clicks count for pay-outs in pay-per-click (PPC) affiliate schemes.
Bitcoin mining: The virtual currency holds a number of attractions for cybercriminals. The way each bitcoin comes into existence is based on the carrying out of mathematical operations known as “mining” on computing hardware. This has direct value to the botmaster and a cost to unsuspecting victims; we took a closer look at the economics and impact of this activity using some old computers available in our labs.
They looked at both click fraud and bitcoin mining but focussed on the latter because it is potentially the most intensive activity undertaken by the bots and has a direct economic value to the botmaster. cost/impact is likely to be for the whole botnet.
We have also created an infographic that summarizes the key facts and figures about the ZeroAccess Trojan.