Europol, Microsoft Target 2-Million Strong ZeroAccess Click Fraud Botnet

tsu doh nimh writes "Authorities in Europe joined Microsoft Corp. this week in disrupting 'ZeroAccess,' a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer architecture in which new instructions and payloads are distributed from one infected host to another. The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft. While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred. Europol has a released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the botnet the ZeroAccess operators and shut down the botnet."

"Click fraud"

[i kan reed]

The term "Click fraud" didn't use to bother me, as a concept. Now it's just a symbol of getting a little bit of disinformation in on a horrendous web-based spying and manipulation industry. I don't sympathize with those trying to extract money from advertisers by lying, but I'm 100% behind their collective bankruptcy.

Re:

[0123456]

I sometimes wonder whether anyone ever really clicks on an Internet ad, or it's all just bots. I guess a few people must do so now and again, if only by accident.

Re:

[mspohr]

I click ads on Slashdot (even though I could disable them) in order to support the site. I've even bought stuff this way.

Re:

[mythosaz]

Yup. Some of us actually believe in supporting the sites we use, which in some cases means submitting to their advertising in exchange for their content.

...and doing so without a rant about how the HTTP standard means I can only pull the parts I want because I lack the understanding of how society works.

[Cue the hosts file spam...]

Re: "Click fraud"

[alen]

Most advertising is for branding, not immediate sales

The idea is to pester you with the name so when you need it you think of the branded products first. Or you think they are good quality

Like breakfast cereal running ads during cartoons in the 80's or using sports stars to hype products

Re:

[0123456]

Yeah, that's what advertisers say when they're trying to justify their existence and can't prove any immediate benefit.

It's also irrelevant to this article about click-bots, because they're clearly being paid for people clicking on the ads.

Re:

[gl4ss]

oh but this is more about the cartoon company lying about the amount of their viewers..

Re:

[Bob the Super Hamste]

I have and the company even got a sale because the ad words the bought from Google did a better job of matching my search than Google's search engine. Granted I was looking for a company to do titanium nitride coating on a project I was working on so not something that most people search for.

More fraud

[Runaway1956]

Most advertising is fraudulent - defrauding the fraudsters is really a crime?

Re:

[Anonymous Coward]

Is murdering murders a crime?

Re:

[CCarrot]

Is murdering murders a crime?

Hey! What do you have against crows??

Re:

[sjames]

Only sometimes.

Re:

[IamTheRealMike]

Most advertising is fraudulent

Lol. Citation needed.

I would like to live on your planet

[quixote9]

There are no snake oil salesmen. Fast food companies promise fat and pimples, not skateboarding youth and beauty. And when there's a 4-wheel drive SUV on a mountain peak, they're always careful to show you the helicopter putting it there.

Cheaper

[Anonymous Coward]

Looks like it's much cheaper for Microsoft to have a "digital crimes unit" and let the government do the rest on behalf of the tax payer than to make their shitty operating system halfway secure in the first place.

Re:

[mspohr]

I haven't used Windows in years but I thought that Microsoft was trying to make Windows more secure... I guess that was just PR.
I can't believe that people put up with all the malware on Windows... it has to be a huge security threat.

Re:Cheaper

[LordLimecat]

Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnearabilities.

Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that theres been a ton of misinformation on the issue, particularly by Apple's marketing; Im really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didnt Apple fall FIRST in the first 5-6 Pwn2Own competitions?

Re:Cheaper

[tlhIngan]

Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnearabilities.

Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that theres been a ton of misinformation on the issue, particularly by Apple's marketing; Im really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didnt Apple fall FIRST in the first 5-6 Pwn2Own competitions?

And those vulnerabilities exist just to run user-mode worms, in the end - because having an administrator prompt suddenly appear without warning is a sure sign of an infection.

Despite all the rootkits and other stuff, if they can't find a privilege escalation hole, it runs in the background as a user-mode process - you don't need to be root to connect to port 25 or read a user's files, after all.

As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

Results may be more interesting if they all were Macbooks or something so they'd all be equally desirable.

It's just the same if you offered up an iPhone 5s, a Galaxy S4, a Blackberry Q10 or Z10 and other phones. The iPhone will go first (generally), followed by the Galaxy S4 (it's still a nice phone), and BlackBerry probably will "survive" - does it make their OS more secure? Or just less desirable?

Re:

[LordLimecat]

As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

Theyre not meaningless. They prove exactly what people have been saying for years: that if theres a financial incentive, a platform will be exploited. When the incentive is a macbook, oh look OSX gets exploited in less than a day.

Re:

[benjymouse]

As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

You get the machine *and* a $10000 for the first machine/browser to fall. While Apple machines are nice, $10000 will buy you a few *very* nice Apple kits, even if you exploit Windows first. Given $10000 for 1st price, $5000 for second, you'd expect the contestants to go for the easy one first. They knocked OS X over in a matter of minutes.

Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

I'd take the $10000 rather than risking a 2nd place with $5000, thank you.

Re:

[mspohr]

Why are there no botnets of Mac or Linux machines? It's all Windows.
I know Windows is more "popular". Is that why the popular girls and guys always are infected?
Since most Mac and Linux machines run without any anti-virus software, you would think they would be easy targets... unless, of course, there was something about the OS itself which was better than Windows (duh).
Also, you have to stop blaming the users for the problems with Windows. I don't think Mac or Linux users are any smarter but they seem to

Re:

[LordLimecat]

Why are there no botnets of Mac or Linux machines?

Because Linux and OSX comprise like 5% of the market, collectively. If youre writing an exploit-kit, would you target windows (~95%), or OSX (5%)? Kind of proved that point with Pwn2Own, where OSX was fully compromised by simply sending a user to a link, before the windows computer, every year for 5 years, simply because of the financial incentive (free MacBook).

Also, your info is wrong. Linux boxes get exploited / broken into all the time; its just that (again) the desktop market for Linux is absolutely

Re:

[Anonymous Coward]

Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnearabilities.

Yes. 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, while running on a Windows OS. Let me repeat that for you, while running on a Windows OS.

Microsoft made this bot infested world we live in possible with Windows. Blaming it on third party software is nothing more than shooting the messenger.

Re:

[LordLimecat]

I guess we're going with "misinformed".

PDF, flash, and java are all cross-platform runtimes. When a bug is patched in one, its patched in all of them-- check the java update history, and see how every windows update has a corresponding linux update. Then check and see just how much of each update is "critical security fixes". IIRC, its "most of them".

If firefox or safari have exploitable bugs (they do), those bugs tend to exist on multiple platforms. Blaming the OS for a framework that interprets code o

Re:

[reikae]

I'm not sure I would like Microsoft locking down Windows so that it won't allow me to shoot myself in the foot. Because that's what people do when they install trojan horse malware.

I admit I'm not even close to an expert on the subject, so I'd like to hear what options there are to prevent installation of trojans without seriously limiting the functionality of the OS.

i'm torn

[X0563511]

Between being happy that someone is causing harm to advertisers, and being not happy that 2-million zombies are, well, existing.

Re:

[0123456]

There are much worse things people could be doing with two million zombie Windows PCs.

Re:

[account_deleted]

Comment removed based on user account deletion

Europol keeping the world safe from click-fraud

[JoeyRox]

What a fantastic use of taxpayer funds.

Re:

[mythosaz]

Yeah, going after organized crime seems a total waste...

Re:Europol keeping the world safe from click-fraud

[zlives]

so they finally jailed the bankers?

Re:

[Teun]

Well, the article does mention Microsoft...

Ah ha

[ShaunC]

elaborate and lucrative scheme to defraud online advertisers

So giant botnets, massively spreading keyloggers, etc. designed to defraud individuals are no big deal, but holy shit... Go after the advertisers' money and you're inviting the wrath of governments. Yep, I see how it works!

Microsoft Windows Botnets ©

[codeusirae]

And these botnets wouldn't be viable without that leaky tub known as Microsoft Windows ..