Journalist


Hailey Lynne McKeefry has spent more than 23 years writing about technology and business. She began her career as an editor at such periodicals as Macintosh News, EBN, and Windows Magazine. After more than 16 years as a freelance journalist, she has written about a broad variety of technology topics, with a focus on security, storage, healthcare, and SMBs. Living in the heart of the Silicon Valley, Hailey has written for many top business-to-business publications and Websites including Information Week, CRN, eWeek, Channel Insider, Channel Pro, Redmond Channel Partner, Home Office Computing, and TechTarget. She graduated from the University of California at Santa Cruz with a BA in literature.
April 17, 2013


ZeroAccess Botnet Going Strong

Rather than being the flavor of the week, the ZeroAccess botnet continues to be a mainstay in the cybercriminal world. Its makers continue to cash in, and there’s no end in sight, researchers say.

In fact, according to FortiGuard Labs’ most recent numbers, the ZeroAccess botnet has claimed the No. 1 spot on the litany of threats. “In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control,” Richard Henderson, security strategist and threat researcher for Fortinet’s FortiGuard Labs, told IFSEC Global. “In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates.”

The growth of ZeroAccess infections has remained constant over the last 90 days, the researcher told us. In round numbers, FortiGuard is seeing 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. This botnet may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone, according to Henderson.

This botnet is leveraged primarily for click fraud and Bitcoin mining. This latter use is at the root of the value, as the value of the decentralized, open-source-based digital currency continues to skyrocket. In fact, FortiGuard estimates that the ZeroAccess botnet is earning millions of dollars with Bitcoin mining.

The ZeroAccess botnet is not alone in its assault on the Bitcoin infrastructure. Starting in March and continuing this month, Mt. Gox, the largest Bitcoin exchange in the world, was hammered with a continued distributed denial-of-service (DDoS) attack intended to destabilize the currency. ZeroAccess can load DDoS modules into infected machines but does not currently use such a module, which suggests to Henderson that other botnet makers are also hoping to profit from Bitcoin.

FortiGuard predicts that the ZeroAccess botnet will continue to flourish for the foreseeable future. “My guess is that infections will happen as long as the botmaster has the money to fund it,” says Henderson. “It will go on indefinitely until some authority steps in, rounds them up and arrests them.”

There’s little organizations can do to stay safe, other than adhere to the basics of good malware prevention. “I can only give the same advice over and over again. Be proactive on machine patching, especially on Patch Tuesday. You have to patch the same day it comes out.”

The use of antivirus software, firewalls, and other malware scanning programs is essential.

Most important of all, employees should be well trained in spotting phishing attempts and drive-by download sites. “The same old rules apply,” says Henderson. “Don’t open links that seem funny, and don’t click on ads that look funny. These malware apps are casting a wide net.”

Let us know if you’ve seen ZeroAccess botnet infections in your organization. Better still, share your best practices for keeping the organization safe.

6 Comments
JonathanL
April 19, 2013 10:48 am

It's amazing when you realize how much money could possibly be made from such an endeavor, but the question these botmasters need to ask is it worth having that money seized and spending the rest of your life in jail to make it? It may sound sometimes like there is no hope of fighting off zero day infections on massive botnet infection but really you spoke to the truth of the traditional methods of infection avoidance being the best way to not have to deal with the pain that comes along with these things. Surf smart, stay up to date,…

SunitaT
April 20, 2013 7:53 am

“This botnet may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone”
I think rising Bitcoin’s popularity might encourage more botnet owners to use their botnets to turn target devices into zombie miners or to disrupt the Bitcoin market. Such security concerns might eventually reduce the popularity of Bitcoins.

HaileyMcK
April 22, 2013 5:56 pm
Reply to  JonathanL

I think that we’re going to have to catch and convict a lot more cybercriminals before the bad guys are going to start taking notice, Botnet. All criminals, traditional and cyber alike, think that they aren’t going to get caught. Until very recently, they’ve largely been right.

HaileyMcK
April 22, 2013 6:04 pm
Reply to  SunitaT

I’m sure this is going to get worse until it gets better… I also think that there was some thought in the industry that the Bitcoin market was immune to problems unlike the real currency markets. I agree that that’s being proven untrue.

JonathanL
April 24, 2013 10:59 am
Reply to  HaileyMcK

Hailey, I think what has been hindering the pursuit of cybercriminals for so long is the amount of cost involved. The costs associated with damages and recovery from attacks, the cost to investigate across international borders, to pursue and make an actual arrest is just not something most law enforcement offices have a budget for. The really big fish get noticed and pursued but in the end the number of small time offenders can really add up to be a healthy amount of cost in the end. If these things are going to be stopped and the criminals brought to…

Hailey Lynne McKeefry
April 26, 2013 2:05 pm
Reply to  JonathanL

I agree with you, Jonathan. Recently, we’ve had some nice examples of international cooperation to take down botnets. This story is just one of them. I believe we’ll do more of this, because the criminals thinking they are unstoppable just costs too much–and it will only get worse. The cost of catching some of the criminals is as much about demonstrating to the others that there can be a high cost to doing stuff as it is about stopping the ones who are caught.