IFSEC Insider | Security and Fire News and Resources

ZeroAccess Botnet Going Strong

Rather than being the flavor of the week, the ZeroAccess botnet continues to be a mainstay in the cybercriminal world. Its makers continue to cash in, and there’s no end in sight, researchers say.

In fact, according to FortiGuard Labs’ most recent numbers, the ZeroAccess botnet has claimed the No. 1 spot on the litany of threats. “In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control,” Richard Henderson, security strategist and threat researcher for Fortinet’s FortiGuard Labs, told IFSEC Global. “In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates.”

The growth of ZeroAccess infections has remained constant over the last 90 days, the researcher told us. In round numbers, FortiGuard is seeing 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. This botnet may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone, according to Henderson.

This botnet is leveraged primarily for click fraud and Bitcoin mining. This latter use is at the root of the value, as the value of the decentralized, open-source-based digital currency continues to skyrocket. In fact, FortiGuard estimates that the ZeroAccess botnet is earning millions of dollars with Bitcoin mining.

The ZeroAccess botnet is not alone in its assault on the Bitcoin infrastructure. Starting in March and continuing this month, Mt. Gox, the largest Bitcoin exchange in the world, was hammered with a continued Distributed Denial of Service (DDoS) attack that hoped to destabilize the currency. ZeroAccess can load DDoS modules into infected machines but does not currently use such a module, which suggests to Henderson that other botnet makers are also hoping to profit from Bitcoin.

FortiGuard predicts that the ZeroAccess botnet will continue to flourish for the foreseeable future. “My guess is that infections will happen as long as the botmaster has the money to fund it,” says Henderson. “It will go on indefinitely until some authority steps in, rounds them up and arrests them.”

There’s little organizations can do to stay safe, other than adhere to the basics of good malware prevention. “I can only give the same advice over and over again. Be proactive on machine patching, especially on Patch Tuesday. You have to patch the same day it comes out.”

The use of antivirus software, firewalls, and other malware scanning programs is essential.

Most important of all, employees should be well trained in spotting phishing attempts and drive-by download sites. “The same old rules apply,” says Henderson. “Don’t open links that seem funny, and don’t click on ads that look funny. These malware apps are casting a wide net.”

Let us know if you’ve seen ZeroAccess botnet infections in your organizations. Better still, share your best practices for keeping the organization safe.
