ZeroAccess botnet, also known as Sirefef botnet, had as many as 2 million zombies as its members and was known to hijack search results of leading search engines including Bing, Yahoo and Google and was also involved in clickfrauds that cost advertisers an estimated $2.7 million each month.
The disruption of ZeroAccess doesn’t mean that the botnet is not dysfunctional as the zombies (infected systems) continue to remain infected with malware. Microsoft notes that ZeroAccess is one of the most durable botnets, which used peer-to-peer infrastructure, allowing its controllers to send out commands to the zombies even when multiple C&C servers are taken down.
“Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day”, notes Microsoft in a press release.
The disruption of ZeroAccess involved filing of a civil lawsuit against the perpetrators of the botnet with the U.S. District Court for the Western District of Texas. After obtaining due authorization from the court, Microsoft blocked incoming and outgoing communications systems located in the US and 18 IP addresses located worldwide along with it, while also taking control of the 49 domains associated with ZeroAccess. “A10 Networks provided Microsoft with advanced technology to support the disruptive action”, noted Microsoft.
Europol assisted Microsoft in this disruption through a coordinated multijurisdictional criminal action spanning Latvia, Luxembourg, Switzerland, the Netherlands and Germany by executing search and seizure warrants on computer servers which were associated with the 18 IP addresses located in Europe.