Slashdot Mirror


Europol, Microsoft Target 2-Million Strong ZeroAccess Click Fraud Botnet

tsu doh nimh writes "Authorities in Europe joined Microsoft Corp. this week in disrupting 'ZeroAccess,' a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer architecture in which new instructions and payloads are distributed from one infected host to another. The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft. While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred. Europol has released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the ZeroAccess operators and shut down the botnet."

8 of 44 comments

  1. "Click fraud" by i+kan+reed · · Score: 2

    The term "Click fraud" didn't use to bother me, as a concept. Now it's just a symbol of getting a little bit of disinformation in on a horrendous web-based spying and manipulation industry. I don't sympathize with those trying to extract money from advertisers by lying, but I'm 100% behind their collective bankruptcy.

    1. Re:"Click fraud" by 0123456 · · Score: 2

      I sometimes wonder whether anyone ever really clicks on an Internet ad, or it's all just bots. I guess a few people must do so now and again, if only by accident.

    2. Re:"Click fraud" by mspohr · · Score: 2

      I click ads on Slashdot (even though I could disable them) in order to support the site. I've even bought stuff this way.

      --
      I don't read your sig. Why are you reading mine?
    3. Re:"Click fraud" by mythosaz · · Score: 2

      Yup. Some of us actually believe in supporting the sites we use, which in some cases means submitting to their advertising in exchange for their content.

      ...and doing so without a rant about how the HTTP standard means I can only pull the parts I want because I lack the understanding of how society works.

      [Cue the hosts file spam...]

  2. More fraud by Runaway1956 · · Score: 4, Interesting

    Most advertising is fraudulent - defrauding the fraudsters is really a crime?

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  3. Re:Europol keeping the world safe from click-fraud by zlives · · Score: 3, Interesting

    so they finally jailed the bankers?

  4. Re:Cheaper by LordLimecat · · Score: 5, Interesting

    Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% Java holes, 25% Adobe Acrobat holes, 20% Adobe Flash holes, 10% browser holes, and a small percentage of OS vulnerabilities.

    Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that there's been a ton of misinformation on the issue, particularly by Apple's marketing; I'm really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didn't Apple fall FIRST in the first 5-6 Pwn2Own competitions?

  5. Re:Cheaper by tlhIngan · · Score: 3, Insightful

    Not sure if you guys are trolling or just misinformed. Windows bugs have long since ceased to be the exploit mechanism for viruses; last time I saw a breakdown on it (a year or so ago) it was something like 35% Java holes, 25% Adobe Acrobat holes, 20% Adobe Flash holes, 10% browser holes, and a small percentage of OS vulnerabilities.

    Additionally, since Vista, Windows' "security" has generally been as good or better than its competitors; it had strong ASLR before OSX / Linux, for starters. The issue is that none of that stuff protects against A) buggy plugins, or B) user-executed viruses (aka trojans). The other big issue is that there's been a ton of misinformation on the issue, particularly by Apple's marketing; I'm really not clear why anyone would take advertising at face value, or assume that it is technically accurate. Didn't Apple fall FIRST in the first 5-6 Pwn2Own competitions?

    And those vulnerabilities exist just to run user-mode worms, in the end - because having an administrator prompt suddenly appear without warning is a sure sign of an infection.

    Despite all the rootkits and other stuff, if they can't find a privilege escalation hole, it runs in the background as a user-mode process - you don't need to be root to connect to port 25 or read a user's files, after all.

    As for Pwn2Own, the results really are meaningless - if you break OS X, you win a MacBook. If you break Windows, you get a Sony laptop. If you break Linux, you get a Dell. And they aren't necessarily the nicest machines on the lineup, either.

    Well geez, Apple, Sony, Dell. If you wanted a new laptop, which do you pick? Most people DO like the looks of a MacBook Pro (even the lowest end configuration is still a nice looking laptop). Then likely Sony comes next (their laptops are fairly good looking). Which leaves the Dell, for those who just want a laptop and try to avoid the massive crowds going for the more desirable units.

    Results may be more interesting if they all were Macbooks or something so they'd all be equally desirable.

    It's just the same if you offered up an iPhone 5s, a Galaxy S4, a Blackberry Q10 or Z10 and other phones. The iPhone will go first (generally), followed by the Galaxy S4 (it's still a nice phone), and BlackBerry probably will "survive" - does it make their OS more secure? Or just less desirable?