NEWS - October 02, 2013
by Carol~ - 10/2/13 8:08 AM
Blood-sucking botnet narrowly escapes extermination, lives to leech again
"P2P resiliency allows ZeroAccess to continue reaping click fraud windfall"
A highly resilient botnet conservatively estimated to generate about $700,000 per year in fraudulent advertising revenue narrowly escaped a shutdown engineered by whitehats from security firm Symantec.
Symantec researchers have estimated that ZeroAccess, until recently a network of about 1.9 million infected computers, generates about 1,000 fraudulent clicks per day on each machine it controls. It also harnessed the electricity and hardware at the disposal of compromised machines to carry out the mathematical operations required to "mine" bitcoins. The unusually large footprint combined with the high collective cost on advertisers and PC owners made ZeroAccess one of the most menacing botnets in current circulation. Symantec researchers set out to "sinkhole" the botnet by taking control of the command-and-control mechanism botmasters use to send and receive data from individual bots.
But there was a challenge. ZeroAccess implements a peer-to-peer architecture that was designed to withstand takedown attempts. Unlike traditional botnets that use a relatively small number of servers to communicate with infected machines, these bots exchanged data with hundreds of their peers, which in turn exchanged data with hundreds of peers.
Continued : http://arstechnica.com/security/2013/09/blood-sucking-botnet-narrowly-escapes-extermination-lives-to-leech-again/
ZeroAccess: The Most Profitable Botnet
Researchers sinkhole half a million ZeroAccess bots