Microsoft has announced it has stepped up its fight against cyber criminals by partnering with the FBI, A10 Networks, and Europol’s European Cybercrime Centre (EC3). The most recent endeavour by the new crime-fighting union was said to have “successfully disrupted” a Botnet that was responsible for infecting nearly 2 million computers. It is estimated that this Botnet operation has been costing online advertisers more than $2.7 million per month.
Microsoft is now working on a preliminary court injunction that would direct U.S. Internet Service Providers, among other groups controlling domains and IP addresses, to shut down the Botnet’s network. The suit was filed in a Texas district court and also asks these groups to preserve material and content associated with the Botnet to help with Microsoft’s fight.
The Botnet, known as ZeroAccess, is very sophisticated and has not been totally disabled, but Microsoft is hoping that the combined efforts of technical and legal action will put the Botnet in serious jeopardy. The cyber crime units are looking to disrupt the Botnet’s business model by affecting its criminal infrastructure. Their efforts also aim to protect the Botnet victims’ computers from executing any future fraudulent schemes.
The ZeroAccess Botnet affects search engines such as Bing, Yahoo, and Google by hijacking an innocent person’s computer and redirecting their search results. Once hijacked, victims are taken to dangerous websites, which then install malware and infect the person’s computer. The cyber criminals can then access personal information and data and ultimately commit fraud by charging businesses for advertising clicks. ZeroAccess is disguised as legitimate software, tricking victims into downloading and installing it on their computers.
ZeroAccess is difficult to eradicate totally because it relies on a peer-to-peer infrastructure. This infrastructure allows the cyber criminals to control the Botnet remotely from thousands and thousands of infected computers. According to Microsoft, the Botnet is one of the most sophisticated operations in history because it is so durable and robust.
ZeroAccess malware will disable a user’s security features, leaving their system vulnerable to even more secondary attacks. Microsoft recommends the immediate removal of the infection using up-to-date anti-virus software or malware removal tools.
Microsoft says it is stepping up the fight against these cyber criminals by notifying people who have been infected with the malware. Microsoft is directing people to its support site, which provides more information on the Botnet and on its removal.
ZeroAccess is Microsoft’s first target since forming a new Cybercrime Center last month. The Cybercrime Center was formed after Microsoft was successful in disrupting over 1,000 Botnets back in June. Those Botnets were being used to rob innocent victims of their identity and banking information. Citadel was the name of the Botnet that infected more than 5 million people and was responsible for losses of over $500 million.
Other entities, such as Trustwave’s SpiderLabs, have recently looked at source code from a recently discovered Botnet dubbed Pony. Pony successfully stole credentials for 1.58 million websites, including 320,000 email accounts. They also found the Botnet responsible for breaching security on 3,000 secure shell accounts, 3,000 remote desktops, and 41,000 FTP accounts.
In the past year, the technical and legal teams of Microsoft’s Digital Crimes Unit were successful in taking down the Bamital and Nitol Botnets. Microsoft announced on Thursday that its new Cyber Crime Unit and its newly formed alliances were stepping up their fight against cyber criminals, like those responsible for the ZeroAccess Botnet.
By Brent Matsalla