A computer malware program known as ZeroAccess has infected millions of systems worldwide since 2012. The FBI and Microsoft are teaming up to crack down on attacks.
The ZeroAccess botnet is a type of malware program designed to siphon off millions of online advertising dollars by discreetly downloading itself onto a computer. The malware materializes through stolen search engine results and tricks users into clicking ads that are really Trojan horse viruses.
According to the FBI’s cyber-crime division, the real victims are unsuspecting consumers who inadvertently pass off the loss to online advertisers who are misinterpreting click-through traffic as legitimate leads. According to Mashable, fake clicks affect as many as 48 ads per hour – translating to roughly $2.5 million per month in losses.
Researchers have traced the ZeroAccess botnet back to 2011, when it was originally caught posing as a form of anti-virus software. This snafu ended up infecting more than 2 million operating systems in just a year.
As with many other types of malicious programs, attackers may be paid by third-party sources to carry out the attacks. One way ZeroAccess affixes itself to a machine is by posing as a legitimate file, infecting unsuspecting users who accidentally download it. Again, this costs advertisers thousands of dollars a day because people are clicking on fraudulent programs simply posing as something they’re not.
Another way the botnet infects users is through pay-per-click (PPC) advertisements. Third-party attackers are paid for engineering a rootkit that can install itself on a system. Attackers then mask the botnet as a paid advertisement. But such trickery has not gone unnoticed by the folks at Microsoft, who are working closely with the FBI to crack down on ZeroAccess and other types of harmful botnets.
Microsoft has a whole forensics lab dedicated to fighting this sort of cyber-crime and has invited the FBI and other crime-fighting organizations from around the world to pool their resources in an effort to fight back and protect innocent civilians and online advertisers.
Through reverse engineering and careful analysis of the malicious code, Microsoft’s forensics team has been able to determine how the virus works, how it disguises itself and maybe – just maybe – where it originated.
Support.Microsoft.com has some great tools to help users determine if their machine has been infected by ZeroAccess or other types of malicious botnets.