The Sirefef botnet, which has infected almost 2-million computers around the world and siphoned off $2,7-million a month, has been taken down.
For the third time this year, Microsoft’s Digital Crimes Unit has successfully disrupted a dangerous botnet, Richard Domingues Boscovich, assistant general counsel, Microsoft Digital Crimes Unit, writes on the Microsoft official blog.
“Today, we are pleased to announce that Microsoft, in conjunction with Europol’s European Cybercrime Centre (EC3), the Federal Bureau of Investigation and technology industry leaders such as A10 Networks, has taken action against the rampant Sirefef botnet, also known as ZeroAccess.
“The ZeroAccess botnet has infected nearly 2-million computers all over the world and cost online advertisers upwards of $2,7-million each month.
“ZeroAccess targets all major search engines and browsers, including Google, Bing and Yahoo!.
“The majority of computers infected with ZeroAccess are located in the US and Western Europe.
“Similar to the Bamital botnet, which Microsoft and industry partners took action against in February, ZeroAccess is responsible for hijacking search results and directing people to potentially dangerous Web sites that could install malware onto their computer, steal their personal information or fraudulently charge businesses for online advertisement clicks. ZeroAccess also commits click fraud.
“Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today, and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers.
“Most often, computers become infected with ZeroAccess as a result of ‘drive-by-downloads’, where the cybercriminals create a Web site that downloads malware onto any unprotected computer that happens to visit that site.
“Computers can also become infected through counterfeit and unlicensed software, where criminals disguise ZeroAccess as legitimate software, tricking a person into downloading the ZeroAccess malware onto their computer.
“Because of the sophistication of the threat, Microsoft and its partners do not expect to fully eliminate the ZeroAccess botnet.
“However, we do expect this legal and technical action will significantly disrupt the botnet’s operation by disrupting the cybercriminals’ business model and forcing them to rebuild their criminal infrastructure, as well as preventing victims’ computers from committing the fraudulent schemes. We would like to thank A10 Networks, who provided Microsoft with advanced technology to support the disruptive action.
“Microsoft is working with ecosystem partners around the world to notify people if their computer is infected, and will be making this information available through its Cyber Threat Intelligence Programme (C-TIP). ZeroAccess is very sophisticated malware, blocking attempts to remove it, and we therefore recommend that people visit http://support.microsoft.com/botnets for detailed instructions on how to remove this threat.
“Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or anti-virus software as quickly as possible.”