A highly resilient botnet conservatively estimated to generate about $700,000 per year in fraudulent advertising revenue narrowly escaped a shutdown engineered by whitehats from security firm Symantec.
Symantec researchers have estimated that ZeroAccess, until recently a network of about 1.9 million infected computers, generates about 1,000 fraudulent clicks per day on each machine it controls. It also harnesses the electricity and hardware of compromised machines to carry out the mathematical operations required to "mine" bitcoins. The unusually large footprint, combined with the high collective cost to advertisers and PC owners, made ZeroAccess one of the most menacing botnets in current circulation. Symantec researchers set out to "sinkhole" the botnet by taking control of the command-and-control mechanism botmasters use to send instructions to, and receive data from, individual bots.
But there was a challenge. ZeroAccess implements a peer-to-peer architecture designed to withstand takedown attempts. Traditional botnets rely on a relatively small number of servers, reached by fixed IP addresses or domain names, to communicate with infected machines. ZeroAccess bots instead exchange data with hundreds of their peers, which in turn exchange data with hundreds of peers, so there is no single rendezvous point that every bot must contact. That decentralized arrangement made ZeroAccess immune to traditional sinkholing operations, which work by seizing control of the IP addresses or domain names the bots access to receive instructions and software updates: seizing a handful of addresses cuts off only the bots whose every peer happens to be behind them.
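The difference between the two designs can be made concrete with a small simulation. The following is an added illustration, not code from the article, from Symantec, or from the ZeroAccess malware itself: the bot count, the peer-list construction (fixed offsets so the run is deterministic), the hypothetical C2 name `c2.example` and the set of "seized" addresses are all constructed assumptions. It measures two things after a takedown seizes some addresses: the fraction of bots whose every rendezvous address now belongs to the sinkhole, and how far a fresh command can still spread over the surviving peer links.

```python
"""Toy model of why seizing a few addresses sinkholes a centralized botnet
but not a peer-to-peer one like ZeroAccess. Constructed illustration: the
topology, sizes and names below are assumptions, not the real protocol."""
from collections import deque

N_BOTS = 1000  # constructed; the real botnet was ~1.9M machines
# Deterministic peer lists: bot b's 16 peers are (b + offset) mod N_BOTS.
PEER_OFFSETS = [1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597]
C2_NAME = "c2.example"  # hypothetical hard-coded C2 for the centralized case


def peer_list(bot: int, n: int = N_BOTS) -> list[int]:
    """Addresses a P2P bot contacts for new commands (constructed topology)."""
    return [(bot + o) % n for o in PEER_OFFSETS]


def centralized_rendezvous(n: int = N_BOTS) -> dict[int, list[str]]:
    """Classic design: every bot knows exactly one C2 name."""
    return {b: [C2_NAME] for b in range(n)}


def p2p_rendezvous(n: int = N_BOTS) -> dict[int, list[int]]:
    """P2P design: every bot knows only some peers, which know other peers."""
    return {b: peer_list(b, n) for b in range(n)}


def cut_off_fraction(rendezvous: dict, seized: set) -> float:
    """Fraction of bots whose *every* rendezvous address now points at the
    sinkhole, i.e. bots that can no longer hear from the botmaster at all."""
    cut = sum(1 for addrs in rendezvous.values() if all(a in seized for a in addrs))
    return cut / len(rendezvous)


def command_reach(seed_bot: int, peers: dict, seized: set) -> int:
    """How many live bots a command injected at seed_bot reaches when each bot
    forwards it to the peers on its list (flood over surviving links)."""
    seen = {seed_bot}
    queue = deque([seed_bot])
    while queue:
        bot = queue.popleft()
        for p in peers[bot]:
            if p not in seized and p not in seen:
                seen.add(p)
                queue.append(p)
    return len(seen)


def compare(seized_p2p: set) -> dict:
    """Run both designs against a takedown that seizes a handful of addresses."""
    central = cut_off_fraction(centralized_rendezvous(), {C2_NAME})
    p2p = p2p_rendezvous()
    return {
        "centralized_cut_off": central,
        "p2p_cut_off": cut_off_fraction(p2p, seized_p2p),
        "p2p_command_reach": command_reach(1, p2p, seized_p2p),
        "p2p_live_bots": N_BOTS - len(seized_p2p),
    }


if __name__ == "__main__":
    # Takedown seizes the addresses of 50 bots (5% of the network).
    print(compare(set(range(0, N_BOTS, 20))))
```

Seizing the single C2 name cuts off 100% of the centralized bots, while seizing 5% of the P2P addresses cuts off none and a command still floods to every one of the 950 surviving bots. Even seizing 90% of the addresses in this toy topology only strands the 10% of bots whose entire peer list happens to be dead, which is why a P2P takedown has to work on the peer lists themselves rather than on a few addresses.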