Security vendor Symantec has disrupted part of the ZeroAccess botnet, freeing 500,000 of the 1.9 million infected computers from the malicious network’s control. Symantec researchers took advantage of an undisclosed flaw in the network’s peer-to-peer updating to poison 256 peer computers that were part of the botnet. The researchers then injected their own IP addresses into the botnet to gain control of them. They tried to wrest control of ZeroAccess’ entire command-and-control mechanism. However, because the botnet distributes its instructions peer to peer, rather than via centralized servers, this frustrated the researchers’ attempts. In addition, the botmasters subsequently updated the malware they use to control computers to eliminate the vulnerabilities that Symantec exploited. The company is working to free victimized computers that don’t have the update. Symantec researchers call ZeroAccess “one of the most menacing botnets in current circulation.” The botnet operators use the computers they control to distribute malware, and commit advertising fraud, specifically click fraud, and online currency fraud through using the compromised computers for Bitcoin mining. The advertising fraud alone reportedly nets about $700,000 per year from roughly 1,000 clicks/day per computer. (BBC)(Computerworld)(Ars Technica)
