Europol, Microsoft Target 2-Million Strong ZeroAccess Click Fraud Botnet

tsu doh nimh writes "Authorities in Europe joined Microsoft Corp. this week in disrupting 'ZeroAccess,' a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer architecture in which new instructions and payloads are distributed from one infected host to another. The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft. While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred. Europol has a released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the botnet the ZeroAccess operators and shut down the botnet."

Re:Cheaper

[tlhIngan]

Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnearabilities.

Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that theres been a ton of misinformation on the issue, particularly by Apple's marketing; Im really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didnt Apple fall FIRST in the first 5-6 Pwn2Own competitions?

And those vulnerabilities exist just to run user-mode worms, in the end - because having an administrator prompt suddenly appear without warning is a sure sign of an infection.

Despite all the rootkits and other stuff, if they can't find a privilege escalation hole, it runs in the background as a user-mode process - you don't need to be root to connect to port 25 or read a user's files, after all.

As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

Results may be more interesting if they all were Macbooks or something so they'd all be equally desirable.

It's just the same if you offered up an iPhone 5s, a Galaxy S4, a Blackberry Q10 or Z10 and other phones. The iPhone will go first (generally), followed by the Galaxy S4 (it's still a nice phone), and BlackBerry probably will "survive" - does it make their OS more secure? Or just less desirable?

Re:Cheaper

[mspohr]

Why are there no botnets of Mac or Linux machines? It's all Windows.
I know Windows is more "popular". Is that why the popular girls and guys always are infected?
Since most Mac and Linux machines run without any anti-virus software, you would think they would be easy targets... unless, of course, there was something about the OS itself which was better than Windows (duh).
Also, you have to stop blaming the users for the problems with Windows. I don't think Mac or Linux users are any smarter but they seem to avoid these nasty infections.