Microsoft, Europol claim victory in taking down ZeroAccess botnet

Microsoft said late Thursday that it executed a coordinated action with Europol against the servers and domains controlled by the ZeroAccess botnet, also known as Sirefef.

The botnet, responsible for hijacking about 2 million PCs and using them for click fraud and search fraud, was recently crippled by Symantec, which found a way to take back control of roughly a quarter of the infected PCs. More than 800,000 ZeroAccess-infected PCs were active and connected at any given time, according to research by UC San Diego. Although the botnet is expected to remain active, Microsoft said that it had "significantly disrupted" it.

Last week, Microsoft filed a civil suit against the cybercriminals operating the ZeroAccess botnet and won the right to essentially cut off the infected PCs within the United States from communicating with 18 IP addresses identified as command-and-control servers operated by the botnet's creators. At the same time, Microsoft took over 49 domains associated with ZeroAccess, with assistance from A10 Networks. Europol, for its part, served warrants on the servers associated with the 18 IP addresses, which were located in Latvia, Luxembourg, Switzerland, the Netherlands, and Germany, working with law enforcement in each of those countries.

“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, in a statement. “Microsoft is committed to working collaboratively—with our customers, partners, academic experts and law enforcement—to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”

This isn't the first time that Microsoft has worked with government agencies and industry partners to disrupt a botnet. This summer, Microsoft and the FBI worked to disrupt the Citadel botnet, which targeted financial institutions, taking down almost 90 percent of the network by July, following a joint action against the Bamital botnet in February.

Microsoft recently opened a cybercrime center at its Redmond, Wash., campus to formally declare war on malware. Microsoft already employs nearly 100 attorneys, investigators, technical experts and forensic analysts to fight counterfeit software and to halt the spread of child pornography, click fraud, and other online threats.

If you suspect that your PC has been infected by ZeroAccess, Microsoft recommends that you visit its dedicated site for information on detecting and removing the infection.