echo: alt-comp-anti-virus
to: ALL
from: VIRUS GUY
date: 2015-01-30 23:05:00
subject: The ZeroAccess botnet is

   "At its peak in 2013, ZeroAccess, also known as Sirefef, consisted
    of more than 1.9 million infected computers that were primarily
    used for click fraud and Bitcoin mining."

   "The botnet was reactivated on January 15, when it 'again began
    distributing click-fraud templates to compromised systems'"

   "To perpetrate click fraud, malware displays ads on infected
    computers and clicks on them, masking the clicks as legitimate
    user actions in order to generate advertising income for the
    botnet operators."

Anyone that spends a dime paying Google for advertising services
(AdSense) needs to read #### like this and understand what a load of
horse-#### internet advertising is, how much of it is worthless fraud.
Google needs to have its ass kicked in public by the tech press more
often and its empire exposed as the fraud that it is.

   "The Dell SecureWorks researchers observed 55,208 unique IP
    addresses participating in the botnet between January 17
    and January 25 -- 

    38,094 corresponding to compromised 32-bit Windows systems
    and 17,114 to 64-bit systems. The top ten affected countries
    are Japan, India, Russia, Italy, the U.S., Brazil, Taiwan,
    Romania, Venezuela and Germany."

Ah, the false promise that NT-based Windoze is oh, so secure continues. 
Even 64-bit versions.

I don't know what pile of horse #### is higher:  The fraud and
criminality that powers Google's advertising business, or the lie that
the bloated NT-based Windows is or could ever be secured and protected
from its own internal complexity and incredibly bad coding.

=========================================================

The ZeroAccess botnet is back in business

After a six-month break, it resumes click-fraud activity

Jan 30, 2015

A peer-to-peer botnet called ZeroAccess came out of a six-month
hibernation this month after having survived two takedown attempts by
law enforcement and security researchers.

At its peak in 2013, ZeroAccess, also known as Sirefef, consisted of
more than 1.9 million infected computers that were primarily used for
click fraud and Bitcoin mining.

That was until security researchers from Symantec found a flaw in the
botnet's resilient peer-to-peer architecture. This architecture allowed
the bots to exchange files, instructions and information with each other
without the need for central command-and-control servers, which are the
Achilles' heel of most botnets.

By exploiting the flaw, Symantec managed to detach over half a million
computers from ZeroAccess in July 2013 and launched an effort to clean
them up in cooperation with ISPs and CERTs.

In December that same year the FBI, Europol, Microsoft and several
security vendors launched a second operation that further crippled the
botnet and led to those behind it capitulating. The botnet operators
actually sent an update to the infected machines that contained the
message "WHITE FLAG."

"We believe that action symbolizes that the criminals have decided to
surrender control of the botnet," Richard Domingues Boscovich, assistant
general counsel with the Microsoft Digital Crimes Unit, said at the time
in a blog post.

It didn't last long. Cybercriminals reactivated the botnet and used it
between March 21 and July 2, 2014, but then -- silence. Until now.

The botnet was reactivated on January 15, when it "again began
distributing click-fraud templates to compromised systems," researchers
from Dell SecureWorks said in a blog post Wednesday.

To perpetrate click fraud, malware displays ads on infected computers
and clicks on them, masking the clicks as legitimate user actions in
order to generate advertising income for the botnet operators.

ZeroAccess is only a shadow of its former self, as the attackers did not
attempt to infect new systems since December 2013. However, the new
activity this year indicates that they haven't completely given up on
it.

The Dell SecureWorks researchers observed 55,208 unique IP addresses
participating in the botnet between January 17 and January 25 -- 38,094
corresponding to compromised 32-bit Windows systems and 17,114 to 64-bit
systems. The top ten affected countries are Japan, India, Russia, Italy,
the U.S., Brazil, Taiwan, Romania, Venezuela and Germany.

"Although the threat actors behind ZeroAccess have not made any
measurable attempts to augment the botnet in more than a year, it
remains substantial in size," the SecureWorks researchers said. "Its
resiliency is a testament to the tenacity of its operators and
highlights the danger of malware using P2P networks."

http://www.computerworld.com/article/2877923/the-zeroaccess-botnet-is-back-in-business.html
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
