Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Millions of Home Networks Infected by ZeroAccess Botnet

A report from network-based security and analytics vendor Kindsight says that 2.2 million home networks were infected with the ZeroAccess botnet in Q3 2012. This infection rate means that advertisers are losing almost one million dollars a day due to click fraud generated by the botnet, the report adds.

A report from network-based security and analytics vendor Kindsight says that 2.2 million home networks were infected with the ZeroAccess botnet in Q3 2012. This infection rate means that advertisers are losing almost one million dollars a day due to click fraud generated by the botnet, the report adds.

ZeroAccess has been around since 2010, and is a business in and of itself. In September, it was estimated that the size of the botnet had grown to one million systems and had been installed over 9 million times globally, with the majority of these infection and installation points located within the U.S.

Anti-Virus firm Sophos reported at the time that the focus of the botnet was Bitcoin mining and click fraud, and if operating at full capacity, “…the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day,” Sophos’ Senior Threat Researcher James Wyke said.

ZeroAccess spreads via exploit kits, and is often delivered to its victims by websites linked to Warez (key generators and cracks) and pirated game downloads. A Google Earth visualization of ZeroAccess infections in September was compiled by another security firm, F-Secure, and can be seen here.

Kindsight’s latest report mirrors the findings from Sophos and geographic data released by F-Secure, in that some 2.2 million systems in North America were infected by ZeroAccess in Q3 2012, or 1 in 25 home networks.

This total equates to 13% of the home networks in North America, which is actually down from the totals reported last quarter. Given that click fraud is one of the botnet’s functions, Kindsight estimates that it could be costing advertisers $900,000 per day.

There’s a reason ZeroAccess is popular among online criminals, and why the botnet has spread as far as it has.

According to research from Sophos, one reason for the continued growth of the ZeroAccess botnet is due to the compensation scheme offered by its authors, who use a lucrative Pay-Per-Install affiliate program to distribute malware. Thus, the money collected from click fraud is used to pay people for additional installations, creating a type of pyramid scheme business plan.

Given the methods used to propagate and spread ZeroAccess, combined with the large amount of money to be made in keep it alive, there’s little hope that it will go away any time soon.

Sophos and Kindsight have each examined ZeroAccess in detail. Kindsight’s analysis on ZeroAccess is here, it was published in February. Sophos’ report, written last month, is available here.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.