Symantec claims to have successfully sinkholed a significant part of the ZeroAccess botnet, which has been active since 2011 and is one of the largest known botnets in existence – with upwards of 1,9-million infected computers, generating tens of millions of dollars annually.
The company says it has sinkholed more than half-a-million bots, making a serious dent in the number of bots under the attacker’s control. Symantec is actively working with ISPs and CERTs worldwide to help get infected machines cleaned up.
ZeroAccess has a highly technical and sophisticated infrastructure built on a peer-to-peer architecture, which gives the botnet a high degree of redundancy with no central command and control server. It also uses various advanced methods to survive on infected machines.
The botnet carries out two revenue-generating activities, click fraud and Bitcoin mining, potentially earning tens of millions of dollars per year in the process.