Symantec early this month released a report which states that more than half a million ZeroAccess botnet infections are discovered and first by Symantec. ZeroAccess is a sophisticated and resilient botnet, which has been active since 2011 and is one of the largest known botnets in existence – with upwards of 1.9 million infected computers on a given day as observed in August 2013.
First question for the one who don’t know about all this dark area is what are bots and botnet?
Bot infected computer activities can be classified as actively attacking bots or bots that send out spam such as spam zombies. Spam zombies are remotely controlled, compromised systems specifically designed to send out large volumes of junk or unsolicited email messages.
The ZeroAccess botnet which we are talking about here is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy. In the ZeroAccess botnet, there is constant communication between peers. Each peer continuously connects with other peers to exchange peer lists and check for updated files, making it highly resistant to any take-down attempts.
While 35 per cent of the infections were observed in the US, India had the third highest infection rate globally, just behind US and Japan. Nearly six per cent of ZeroAccess infections were observed in India.
But how is this botnet helping the attackers?
ZeroAccess botnet leverages click-fraud and Bitcoin mining to carry out two revenue generating activities for the attackers, potentially earning tens of millions of USD per year in the process.
- Click fraud: The click fraud Trojan downloads online ads onto the infected computer and generates artificial clicks on the ads as if they were generated by legitimate users. These false clicks count for pay outs in pay-per-click (PPC) affiliate schemes.
- Bitcoin mining: The virtual currency holds a number of attractions for cybercriminals. The way each bitcoin comes into existence is based on the carrying out mathematical operations known as “mining” on computing hardware. This activity has a direct value to the botmaster and a cost to the unsuspecting victims; we took a closer look at the economics and impact of this activity using some old computers available in symantec’s labs.
So basically the attackers are earning money while we are worried protecting our data, and observing the increase of infections day by day it has become necessary for consumers to be aware of what all could happen. Earlier this year, Symantec’s Internet Security Threat Report Vol 18 – identified that India accounted for nearly 15 percent of global botnet spam, responsible for disseminating an estimated 280 million spam messages per day worldwide.
Symantec is actively working with ISPs and CERTs worldwide to share information and help get ZeroAccess bot infected computers cleaned up. Symantec continues to devote the resources of security experts as well as the largest, most sophisticated global intelligence network in the world to investigate security threats in order to keep customers from individual consumers to global corporations informed and protected.