Wednesday, November 22, 2017

9 Million PCs infected by ZeroAccess Botnet

ZeroAccess is an enormously widespread malware family that has plagued individuals and enterprises for years. It has evolved over time to support new processor architectures and new versions of Windows.

SophosLabs has analysed previous ZeroAccess bots and rootkits in depth. Rather than taking commands over the IRC or HTTP channels that most botnets use, ZeroAccess bots connect to a peer-to-peer network, so there is no central command-and-control server to block or take down.

Sophos's research has found that the ZeroAccess botnet is currently being used for two main purposes: click fraud and Bitcoin mining.

If running at maximum capacity, the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day.

Sophos researchers have also reverse-engineered the mechanisms by which the ZeroAccess operators keep tabs on the botnet, and found a range of techniques designed to bury the bots' call-home communications in legitimate-looking network traffic.
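The two points above (peer-to-peer command-and-control instead of IRC/HTTP, and call-home traffic disguised as ordinary activity) suggest a behavioural detection rather than a signature: a normal client talks to a few servers on well-known ports, while a P2P bot exchanges small UDP packets with many unrelated peers on one fixed port. The script below is an added example written for this page, not code from the article or from Sophos; the flow records, the port 21000 and the thresholds are all constructed assumptions for illustration and are not ZeroAccess's real parameters.

```python
"""Flag hosts whose outbound UDP traffic looks like P2P botnet fan-out.

Heuristic (an assumption for this example): a single source talking to
many distinct peers on one UDP port, spread across many different /16
networks, behaves like a P2P node rather than like a workstation.
"""
import ipaddress
from collections import defaultdict

# UDP services a normal client legitimately fans out to; skipped so DNS,
# DHCP, NTP, QUIC and IPsec do not trip the heuristic (example allowlist).
COMMON_UDP_SERVICES = {53, 67, 68, 123, 443, 500, 4500}

# Constructed flow records for this example, not captured data:
# (src_ip, dst_ip, proto, dst_port, bytes_out)
SAMPLE_FLOWS = [
    # 10.0.0.5: an ordinary workstation (DNS, HTTPS, QUIC, NTP).
    ("10.0.0.5", "10.0.0.2", "UDP", 53, 64),
    ("10.0.0.5", "10.0.0.2", "UDP", 53, 71),
    ("10.0.0.5", "192.0.2.10", "TCP", 443, 5120),
    ("10.0.0.5", "198.51.100.7", "UDP", 443, 2048),
    ("10.0.0.5", "198.51.100.9", "UDP", 443, 1900),
    ("10.0.0.5", "203.0.113.5", "UDP", 123, 48),
] + [
    # 10.0.0.9: small packets to 12 unrelated peers on one UDP port.
    # Peer addresses are drawn from the 100.64.0.0/10 shared range purely
    # to keep the sample synthetic; port 21000 is an arbitrary placeholder.
    ("10.0.0.9", f"100.{64 + i}.{i}.1", "UDP", 21000, 32)
    for i in range(12)
]


def find_p2p_candidates(flows, min_peers=8, min_networks=4):
    """Return {src_ip: {"port", "peers", "networks"}} for every source whose
    UDP traffic on a single destination port reaches at least min_peers
    distinct peers spread over at least min_networks distinct /16 networks.
    If a host qualifies on several ports, the port with most peers is kept.
    """
    peers = defaultdict(set)  # (src_ip, dst_port) -> set of dst_ip
    for src, dst, proto, dport, _ in flows:
        if proto != "UDP" or dport in COMMON_UDP_SERVICES:
            continue
        peers[(src, dport)].add(dst)

    candidates = {}
    for (src, dport), dsts in peers.items():
        nets = {ipaddress.ip_network(f"{d}/16", strict=False) for d in dsts}
        if len(dsts) < min_peers or len(nets) < min_networks:
            continue
        best = candidates.get(src)
        if best is None or len(dsts) > best["peers"]:
            candidates[src] = {
                "port": dport,
                "peers": len(dsts),
                "networks": len(nets),
            }
    return candidates


if __name__ == "__main__":
    for host, info in find_p2p_candidates(SAMPLE_FLOWS).items():
        print(f"{host}: {info['peers']} peers on UDP/{info['port']} "
              f"across {info['networks']} /16 networks")
```

On the constructed sample only 10.0.0.9 is reported. In practice the thresholds need tuning per network (BitTorrent clients and some VoIP software produce the same fan-out), so treat a hit as a lead for host triage rather than as a verdict.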

A 2011 analysis of the ZeroAccess rootkit by Webroot's Prevx team can be viewed here: http://pxnow.prevx.com/content/blog/zeroaccess_analysis.pdf

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
