Slashdot Mirror


Europol, Microsoft Target 2-Million Strong ZeroAccess Click Fraud Botnet

tsu doh nimh writes "Authorities in Europe joined Microsoft Corp. this week in disrupting 'ZeroAccess,' a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer architecture in which new instructions and payloads are distributed from one infected host to another. The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft. While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred. Europol has released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the ZeroAccess operators and shut down the botnet."

44 comments

  1. "Click fraud" by i+kan+reed · · Score: 2

    The term "Click fraud" didn't use to bother me, as a concept. Now it's just a symbol of getting a little bit of disinformation in on a horrendous web-based spying and manipulation industry. I don't sympathize with those trying to extract money from advertisers by lying, but I'm 100% behind their collective bankruptcy.

    1. Re:"Click fraud" by 0123456 · · Score: 2

      I sometimes wonder whether anyone ever really clicks on an Internet ad, or it's all just bots. I guess a few people must do so now and again, if only by accident.

    2. Re:"Click fraud" by mspohr · · Score: 2

      I click ads on Slashdot (even though I could disable them) in order to support the site. I've even bought stuff this way.

      --
      I don't read your sig. Why are you reading mine?
    3. Re:"Click fraud" by mythosaz · · Score: 2

      Yup. Some of us actually believe in supporting the sites we use, which in some cases means submitting to their advertising in exchange for their content.

      ...and doing so without a rant about how the HTTP standard means I can only pull the parts I want because I lack the understanding of how society works.

      [Cue the hosts file spam...]

    4. Re: "Click fraud" by alen · · Score: 1

      Most advertising is for branding, not immediate sales

      The idea is to pester you with the name so when you need it you think of the branded products first. Or you think they are good quality

      Like breakfast cereal running ads during cartoons in the 80's or using sports stars to hype products

    5. Re:"Click fraud" by Bob+the+Super+Hamste · · Score: 1

      I have and the company even got a sale because the ad words they bought from Google did a better job of matching my search than Google's search engine. Granted I was looking for a company to do titanium nitride coating on a project I was working on so not something that most people search for.

      --
      Time to offend someone
    6. Re: "Click fraud" by 0123456 · · Score: 1

      Yeah, that's what advertisers say when they're trying to justify their existence and can't prove any immediate benefit.

      It's also irrelevant to this article about click-bots, because they're clearly being paid for people clicking on the ads.

    7. Re:"Click fraud" by Anonymous Coward · · Score: 0

      "Come play,
                              My lord"

    8. Re: "Click fraud" by gl4ss · · Score: 1

      oh but this is more about the cartoon company lying about the amount of their viewers..

      --
      world was created 5 seconds before this post as it is.
  2. Wouldn't want that by Anonymous Coward · · Score: 0

    malicious software in an elaborate and lucrative scheme to defraud online advertisers.

    Remove the fraud from the online advertiser market? How could you consider such a thing?! ;D

  3. Cheaper by Anonymous Coward · · Score: 1

    Looks like it's much cheaper for Microsoft to have a "digital crimes unit" and let the government do the rest on behalf of the tax payer than to make their shitty operating system halfway secure in the first place.

    1. Re:Cheaper by mspohr · · Score: 0

      I haven't used Windows in years but I thought that Microsoft was trying to make Windows more secure... I guess that was just PR.
      I can't believe that people put up with all the malware on Windows... it has to be a huge security threat.

      --
      I don't read your sig. Why are you reading mine?
    2. Re:Cheaper by LordLimecat · · Score: 5, Interesting

      Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnerabilities.

      Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that there's been a ton of misinformation on the issue, particularly by Apple's marketing; I'm really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didn't Apple fall FIRST in the first 5-6 Pwn2Own competitions?

    3. Re:Cheaper by tlhIngan · · Score: 3, Insightful

      Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnerabilities.

      Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that there's been a ton of misinformation on the issue, particularly by Apple's marketing; I'm really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didn't Apple fall FIRST in the first 5-6 Pwn2Own competitions?

      And those vulnerabilities exist just to run user-mode worms, in the end - because having an administrator prompt suddenly appear without warning is a sure sign of an infection.

      Despite all the rootkits and other stuff, if they can't find a privilege escalation hole, it runs in the background as a user-mode process - you don't need to be root to connect to port 25 or read a user's files, after all.

      As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

      Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

      Results may be more interesting if they all were Macbooks or something so they'd all be equally desirable.

      It's just the same if you offered up an iPhone 5s, a Galaxy S4, a Blackberry Q10 or Z10 and other phones. The iPhone will go first (generally), followed by the Galaxy S4 (it's still a nice phone), and BlackBerry probably will "survive" - does it make their OS more secure? Or just less desirable?

    4. Re:Cheaper by mspohr · · Score: 1, Insightful

      Why are there no botnets of Mac or Linux machines? It's all Windows.
      I know Windows is more "popular". Is that why the popular girls and guys always are infected?
      Since most Mac and Linux machines run without any anti-virus software, you would think they would be easy targets... unless, of course, there was something about the OS itself which was better than Windows (duh).
      Also, you have to stop blaming the users for the problems with Windows. I don't think Mac or Linux users are any smarter but they seem to avoid these nasty infections.

      --
      I don't read your sig. Why are you reading mine?
    5. Re:Cheaper by Anonymous Coward · · Score: 1

      Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, and a small percentage of OS vulnerabilities.

      Yes. 35% java holes, 25% adobe acrobat holes, 20% adobe flash holes, 10% browser holes, while running on a Windows OS. Let me repeat that for you, while running on a Windows OS.

      Microsoft made this bot infested world we live in possible with Windows. Blaming it on third party software is nothing more than shooting the messenger.

    6. Re:Cheaper by reikae · · Score: 1

      I'm not sure I would like Microsoft locking down Windows so that it won't allow me to shoot myself in the foot. Because that's what people do when they install trojan horse malware.

      I admit I'm not even close to an expert on the subject, so I'd like to hear what options there are to prevent installation of trojans without seriously limiting the functionality of the OS.

    7. Re:Cheaper by Anonymous Coward · · Score: 0

      Since most Mac and Linux machines run without any anti-virus software, you would think they would be easy targets..

      Must be why kernel.org was infected with a rootkit. I mean what kind of toy OS ships with so many kernel vulnerabilities that people start calling it 'jailbreaking' and 'rooting'? Oops..

      Protip: Just because *YOU* can't explain something, doesn't mean there isn't an explanation.

      but trolls like you aren't looking for honest discourse .. silly of me to assume so...

    8. Re:Cheaper by Anonymous Coward · · Score: 0

      know Windows is more "popular". Is that why the popular girls and guys always are infected?

      Yes. To run an effective botnet, you need a large number of machines. There simply aren't enough Macs out there and Linux is too obscure to even be on the radar.

    9. Re:Cheaper by LordLimecat · · Score: 1

      As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

      They're not meaningless. They prove exactly what people have been saying for years: that if there's a financial incentive, a platform will be exploited. When the incentive is a macbook, oh look OSX gets exploited in less than a day.

    10. Re:Cheaper by LordLimecat · · Score: 1

      Why are there no botnets of Mac or Linux machines?

      Because Linux and OSX comprise like 5% of the market, collectively. If you're writing an exploit-kit, would you target windows (~95%), or OSX (5%)? Kind of proved that point with Pwn2Own, where OSX was fully compromised by simply sending a user to a link, before the windows computer, every year for 5 years, simply because of the financial incentive (free MacBook).

      Also, your info is wrong. Linux boxes get exploited / broken into all the time; it's just that (again) the desktop market for Linux is absolutely minuscule. OSX exploits have actually been on the rise over the last few years as its market share picks up.

    11. Re:Cheaper by LordLimecat · · Score: 1

      I guess we're going with "misinformed".

      PDF, flash, and java are all cross-platform runtimes. When a bug is patched in one, it's patched in all of them-- check the java update history, and see how every windows update has a corresponding linux update. Then check and see just how much of each update is "critical security fixes". IIRC, it's "most of them".

      If firefox or safari have exploitable bugs (they do), those bugs tend to exist on multiple platforms. Blaming the OS for a framework that interprets code off of the internet-- and is exploited doing so-- is just silly.

    12. Re:Cheaper by benjymouse · · Score: 1

      As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

      You get the machine *and* $10000 for the first machine/browser to fall. While Apple machines are nice, $10000 will buy you a few *very* nice Apple kits, even if you exploit Windows first. Given $10000 for 1st prize, $5000 for second, you'd expect the contestants to go for the easy one first. They knocked OS X over in a matter of minutes.

      Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

      I'd take the $10000 rather than risking a 2nd place with $5000, thank you.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  4. More fraud by Runaway1956 · · Score: 4, Interesting

    Most advertising is fraudulent - defrauding the fraudsters is really a crime?

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    1. Re:More fraud by Anonymous Coward · · Score: 1

      Is murdering murders a crime?

    2. Re:More fraud by CCarrot · · Score: 1

      Is murdering murders a crime?

      Hey! What do you have against crows??

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    3. Re:More fraud by IamTheRealMike · · Score: 1

      Most advertising is fraudulent

      Lol. Citation needed.

    4. Re:More fraud by sjames · · Score: 1

      Only sometimes.

  5. i'm torn by X0563511 · · Score: 1

    Between being happy that someone is causing harm to advertisers, and being not happy that 2-million zombies are, well, existing.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:i'm torn by 0123456 · · Score: 1

      There are much worse things people could be doing with two million zombie Windows PCs.

    2. Re:i'm torn by DigiShaman · · Score: 1

      ZeroAccess is particularly nasty. It sets up a P2P network with other infected machines and stores 8GB of crap in the Sysvol directory in Windows. I used Norton Power Eraser to remove the root kit. Because it runs in Kernel memory, the processes are hidden even if you use Process Explorer.

      --
      Life is not for the lazy.
  6. Europol keeping the world safe from click-fraud by JoeyRox · · Score: 0

    What a fantastic use of taxpayer funds.

    1. Re:Europol keeping the world safe from click-fraud by mythosaz · · Score: 1

      Yeah, going after organized crime seems a total waste...

    2. Re:Europol keeping the world safe from click-fraud by zlives · · Score: 3, Interesting

      so they finally jailed the bankers?

    3. Re:Europol keeping the world safe from click-fraud by Teun · · Score: 1

      Well, the article does mention Microsoft...

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  7. Socialism is winning? by Anonymous Coward · · Score: 0

    All because of open source? It is sad to see profitable, talented companies who invest in strong locks, experiment with a socialist model.

  8. Where can I download this? by Anonymous Coward · · Score: 0

    Wait, back up a second!

    You're telling me there's software that will automatically punish online advertisers? Where can I download this?

  9. anything that makes the life of advertisers worse by Anonymous Coward · · Score: 0

    makes me happy

    advertisers (and those who fund advertising) create a "botnet" of people's brains to extract money

    using a brain's processing power and storage capacity without consent is no different than doing the same thing on someone's computer without consent

  10. Ah ha by ShaunC · · Score: 1

    elaborate and lucrative scheme to defraud online advertisers

    So giant botnets, massively spreading keyloggers, etc. designed to defraud individuals are no big deal, but holy shit... Go after the advertisers' money and you're inviting the wrath of governments. Yep, I see how it works!

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  11. Microsoft Windows Botnets © by codeusirae · · Score: 1

    And these botnets wouldn't be viable without that leaky tub known as Microsoft Windows ..

  12. I would like to live on your planet by quixote9 · · Score: 1

    There are no snake oil salesmen. Fast food companies promise fat and pimples, not skateboarding youth and beauty. And when there's a 4-wheel drive SUV on a mountain peak, they're always careful to show you the helicopter putting it there.