Symantec Saves 500,000 PCs From Massive Botnet


Security firm Symantec says it has cut roughly 500,000 infected computers off from a major botnet. Unfortunately, the botnet, known as ZeroAccess, still has around 1.4 million machines under its control.

A botnet is a network of machines that have been infected with malicious software and can be controlled remotely by the criminals who run it. Acting together, the infected machines give those operators computing power and bandwidth on a scale no single attacker could otherwise command.

Botnet operators sometimes use the machines to spread more malicious software, attack a business or government agency, or flood a website with traffic until it goes offline (a distributed denial-of-service attack).

Infected Machines Used For Bogus Ad Clicks

In this case the operators, who remain unidentified, are going straight for profit. The infected machines are instructed to repeatedly request online advertisements and simulate a real user clicking on them, a scheme known as click fraud.

Because advertisers pay for each click, the botnet operators can fraudulently collect commission for traffic that no human ever saw. (Source: bbc.co.uk)

It also appears the botnet is being used to generate cash by 'mining' the virtual currency Bitcoin.

The strategy works because new bitcoins are awarded to whoever first finds a block whose hash (a large number produced by running the SHA-256 function over the block's contents) falls below a difficulty target. Each attempt is essentially a random draw, so the more machines you have hashing, the larger your share of the network's attempts and the better your chance of earning the reward.

Having millions of computers working on this is a bit like stealing millions of lottery tickets each week.
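As an added illustration of why extra machines translate directly into extra mining income (this is example code written for this page, not Symantec's research or the botnet's code), the Python below simulates Bitcoin-style proof of work: it double-SHA-256 hashes a block header with successive nonces until the result falls below a target, and computes the expected number of attempts and a miner's share of blocks. The 76-byte header prefix is constructed sample data and the target is set far easier than the real network's so the search finishes in well under a second.

```python
import hashlib
import struct

# Constructed sample header prefix (76 bytes); the real Bitcoin header is
# 80 bytes with a 4-byte little-endian nonce as its final field.
SAMPLE_HEADER = b"constructed-block-header-for-demo-purposes-only".ljust(76, b"\x00")

# A toy target: any hash below 2**244 (i.e. with 12 leading zero bits) wins.
# Real targets are vastly smaller, which is why real mining needs huge hash rates.
EASY_TARGET = 2**244


def block_hash(header_prefix: bytes, nonce: int) -> bytes:
    """Bitcoin hashes the header twice with SHA-256 (SHA-256d)."""
    data = header_prefix + struct.pack("<I", nonce & 0xFFFFFFFF)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def meets_target(digest: bytes, target: int) -> bool:
    """A hash 'wins' when, read as a 256-bit integer, it is below the target."""
    return int.from_bytes(digest, "big") < target


def mine(header_prefix: bytes, target: int, max_tries: int = 1_000_000):
    """Try nonces 0, 1, 2, ... and return (nonce, attempts) on success, or None.

    Each hash is effectively a uniform random 256-bit value, so every attempt
    is an independent lottery ticket; there is no shortcut other than trying more.
    """
    for nonce in range(max_tries):
        if meets_target(block_hash(header_prefix, nonce), target):
            return nonce, nonce + 1
    return None


def expected_tries(target: int) -> float:
    """P(hash < target) = target / 2**256, so the mean number of tries is 2**256 / target."""
    return 2**256 / target


def expected_blocks_per_day(my_hashrate: float, network_hashrate: float,
                            blocks_per_day: float = 144.0) -> float:
    """Share of blocks is proportional to share of total hash rate.

    Bitcoin targets roughly one block every ten minutes, i.e. about 144 per day;
    the difficulty adjusts so that total network hash rate stays at that pace.
    """
    return blocks_per_day * my_hashrate / network_hashrate


if __name__ == "__main__":
    result = mine(SAMPLE_HEADER, EASY_TARGET)
    print("found nonce/attempts:", result, "expected:", expected_tries(EASY_TARGET))
    # Hypothetical figures: 1.9 million bots at a modest CPU rate versus the network.
    print("blocks/day at 10% of network hash rate:", expected_blocks_per_day(0.1, 1.0))
```

The key point for the botnet case is in `expected_blocks_per_day`: income is linear in hash rate, so every additional hijacked CPU adds to the operators' expected reward at no cost to them, which is exactly why a botnet of this size is worth repurposing for mining.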

Blow to Botnet Unlikely to Be Fatal

The good news is that Symantec was able to build its own small-scale replica of the ZeroAccess network to study how the bots find and talk to one another, and then used that knowledge to redirect bots to servers it controls (a technique known as sinkholing). The result: roughly 500,000 machines have been cut off from the botnet. (Source: symantec.com)

Symantec has also passed on its research to the Internet Service Providers whose customers' PCs were contributing to the botnet's activity.

The bad news is that Symantec believes recent changes to the way the botnet communicates will make it harder to disable in the future. That means there is a good chance ZeroAccess will continue to grow and may eventually reclaim the 500,000 systems it lost. Sinkholing also does not remove the malware from the affected machines: until their owners clean them, those PCs remain infected and could rejoin the botnet if a newer version manages to re-establish contact.
