Symantec grapples with one of the largest botnets in history

By on October 1, 2013, 6:30 PM
symantec, botnet, bitcoin, fraud, click fraud, scammer, sinkhole, bitcoin mining, zeroaccess

Symantec is going toe to toe with ZeroAccess, one of the largest known botnets in existence today. On any given day, ZeroAccess has upwards of 1.9 million computers at its disposal... or at least, it did. Since March the team had been working on sinkholing the botnet, that is, diverting infected machines to servers the researchers control so that they can no longer be reached by the botmaster. ZeroAccess has no central command server and coordinates over a peer-to-peer network instead, so the sinkhole relied on a weakness in that mechanism. A report published by security researchers in May discussing the same weakness likely prompted the ZeroAccess botmaster to upgrade the botnet and close it off.

A new version of the botnet duly surfaced that patched the flaw which had made it vulnerable to sinkholing. Bots that never received the update remained exposed, however, so on July 16 Symantec went ahead and began sinkholing those non-updated ZeroAccess infections. The operation detached over half a million bots from the network and made a serious dent in the number of machines controlled by the botmaster.

To understand the impact of the sinkhole, Symantec suggests, users need to understand exactly what the botnet is used for.

Unlike many other botnets, ZeroAccess appears to be designed primarily to deliver payloads to infected machines. Those payloads are what cause the problems, and with ZeroAccess they boil down to two types, both aimed at generating revenue: click fraud and Bitcoin mining.

In laboratory testing, Symantec found that each bot generated roughly 42 false ad clicks per hour, which across the whole botnet could potentially earn the botmaster tens of millions of dollars in revenue per year. A single computer mining Bitcoin is likely to earn less than $1 per year, but with 1.9 million machines at your disposal the equation changes completely. The electricity and hardware wear that mining costs are, of course, paid for by the victims rather than the botmaster.

The job isn't finished, Symantec warned, but the operation has put a heavy dent in the botnet. Symantec is now working with ISPs and CERTs across the globe to share information and help clean infected machines.

User Comments: 13

VitalyT said:

This is some stupid wild goose chase.

They should be looking into the cui bono, find the profiteers and cut their balls off, to prevent their kind from breeding.

Sweep the house afterwards.

cliffordcooley, TechSpot Paladin, said:

Symantec found that each bot generated roughly 42 false ad clicks per hour which could potentially earn the botmaster tens of millions of dollars in revenue per year. A single computer mining Bitcoin is likely to earn less than $1 per year but if you have 1.9 million machines at your disposal, the equation changes completely.
So bitcoin mining is basically used for advertising false click generation. Now I can see where the value behind mining for bitcoins is at. As much as I hate advertising, this makes me want to mine for bitcoins just to further offset the accuracy of ad clicks. But then if I did that, I would at least want to control which ads were falsely promoted.

Adhmuz, TechSpot Paladin, said:

Alright VitalyT, you find the guy, I'll bring the knife and restraints. I think we should just burn the house afterwards, we don't want any possibility that the site be used to further infect the internet.

Skidmarksdeluxe said:

Taking these creatures down is one thing... What about the 30 others that start up after them? It's always going to be fighting a losing battle.

SEverard said:

Symantec found that each bot generated roughly 42 false ad clicks per hour which could potentially earn the botmaster tens of millions of dollars in revenue per year. A single computer mining Bitcoin is likely to earn less than $1 per year but if you have 1.9 million machines at your disposal, the equation changes completely.
So bitcoin mining is basically used for advertising false click generation. Now I can see where the value behind mining for bitcoins is at. As much as I hate advertising, this makes me want to mine for bitcoins just to further offset the accuracy of ad clicks. But then if I did that, I would at least want to control which ads were falsely promoted.

Incorrect. Bitcoin mining is not the same as false clicks. Bitcoin mining is done by a series of number-crunching calculations on the CPU to mine coins. This botnet uses the PC and a host to do these calculations and mine coins. False clicks are false clicks on ads, most probably ads set up by the botnet writer, and then they get paid for the clicks per ad building revenue. Bitcoin mining is not related to false clicks but this botnet does both in one botnet.

Tygerstrike said:

This is insane!!! I'm betting this group is comprised of only a few individuals. It's the internet and as such EVERYTHING is trackable at some point. WHY HAS THIS GROUP CONTINUED!!!!! I mean I will post the most OBVIOUS question here...WHO is collecting the money?? Money is tracked, payments are tracked. In order to get paid this group had to put their information out there. How can they NOT find these people?? Unless the very same people we ask to do this task are the ones running it......

cliffordcooley, TechSpot Paladin, said:

Incorrect. Bitcoin mining is not the same as false clicks.
Then where does the value of the Bitcoin come from? Someone must be interested in the number crunching results which places value on the coin. If you can't tell me where the value is at, then I will stick to my hypothesis on false-click generation.

SEverard said:

Then where does the value of the Bitcoin come from? Someone must be interested in the number crunching results which places value on the coin. If you can't tell me where the value is at, then I will stick to my hypothesis on false-click generation.

Just look at the website. Don't make assumptions just because you can't be arsed to do any research on bitcoins at all. https://www.weusecoins.com/en/

SEverard said:

This is insane!!! I'm betting this group is comprised of only a few individuals. It's the internet and as such EVERYTHING is trackable at some point. WHY HAS THIS GROUP CONTINUED!!!!! I mean I will post the most OBVIOUS question here...WHO is collecting the money?? Money is tracked, payments are tracked. In order to get paid this group had to put their information out there. How can they NOT find these people?? Unless the very same people we ask to do this task are the ones running it......

Only the ads could really be traceable. Bitcoins is set up on the basis that it is [almost] completely traceable. It's why it is the only currency allowed to be used on Silk Road and why it is the preference of anonymous virus programmers.

cliffordcooley, TechSpot Paladin, said:

Just look at the website. Don't make assumptions just because you can't be arsed to do any research on bitcoins at all. https://www.weusecoins.com/en/
Which explains nothing about what all the processing is for. I'm not a complete *****, the processing from our machines is done for a cause which is not explained. Don't tell me our machines process 24/7 for the simple title of Bitcoin. I'm still reading answers that do nothing to invalidate my hypothesis.

SEverard said:

Which explains nothing about what all the processing is for. I'm not a complete *****, the processing from our machines is done for a cause which is not explained. Don't tell me our machines process 24/7 for the simple title of Bitcoin. I'm still reading answers that do nothing to invalidate my hypothesis.

Just because it doesn't invalidate your hypothesis doesn't mean it's right. The reason there is nothing to explicitly invalidate your hypothesis is because it is not related in any way at all. As I said before, you can find everything on the Bitcoin website, especially in the questions and answers section. You're incorrect and continuing to argue a point you know nothing about is a pointless exercise. Do some proper research before you come up with random and ungrounded hypotheses.

cliffordcooley, TechSpot Paladin, said:

As I said before, you can find everything on the Bitcoin website, especially in the questions and answers section.
I did look before my last comment and didn't see anything on what our machines are processing. Since you seem to know, why are you so negligent in explaining? If you can explain please do so, if not I'm not interested in hearing your degrading speeches that say nothing to correct my comment.

SEverard said:

I did look before my last comment and didn't see anything on what our machines are processing. Since you seem to know, why are you so negligent in explaining? If you can explain please do so, if not I'm not interested in hearing your degrading speeches that say nothing to correct my comment.

You make a fair point. The reason I'm not explaining is that I'm not very good at it (as you can probably tell). Also there is quite a long explanation for it but hopefully this link will explain it much better than I could and answer your question. Sorry for the bad attitude previously. Haven't had much sleep!

[link]

Edit: Very basic short explanation: The mining is processing blocks. The blocks contain the transactions, the solution verifies its validity. You are rewarded with Bitcoins for doing this as you are doing the work of Bitcoins. Without validating the transactions the Bitcoin transactions can't be made and so if you are mining you are doing a necessary job.
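The "processing" the last few comments argue about, as an added example that is not part of the original article or of any commenter's post: a toy proof-of-work search in Python. The block layout, the JSON header, the sample transactions and the placeholder previous-block hash are all constructed here for illustration; real Bitcoin hashes a fixed 80-byte binary header and its difficulty is astronomically higher, but the loop has the same shape, and it is this loop that a mining payload runs on a victim's CPU. Finding a nonce costs on average 2**difficulty_bits hash evaluations, checking one costs a single hash, and changing any transaction after the fact changes the hash, so the old nonce no longer proves work for the new contents.

```python
import hashlib
import json

# Constructed sample data (not real Bitcoin transactions or block hashes):
# a handful of made-up payments and a placeholder "previous block" hash.
SAMPLE_TRANSACTIONS = [
    {"from": "alice", "to": "bob", "amount": 0.50},
    {"from": "carol", "to": "dave", "amount": 1.25},
    {"from": "erin", "to": "frank", "amount": 0.10},
]
PREV_BLOCK_HASH = "00" * 32


def block_header(prev_hash, transactions, nonce):
    """Serialise the block deterministically so identical inputs hash identically.

    Real Bitcoin hashes a fixed binary header (version, previous hash, Merkle
    root of the transactions, timestamp, difficulty bits, nonce). This toy
    version hashes a canonical JSON encoding instead; the property that
    matters is the same: every field, including each transaction, is
    committed to by the hash.
    """
    payload = {"prev": prev_hash, "txs": transactions, "nonce": nonce}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def block_hash(prev_hash, transactions, nonce):
    """Double SHA-256 of the header, hex-encoded, as Bitcoin does."""
    first = hashlib.sha256(block_header(prev_hash, transactions, nonce)).digest()
    return hashlib.sha256(first).hexdigest()


def target_for(difficulty_bits):
    """A hash is valid when, read as a 256-bit integer, it is below this target.

    Requiring difficulty_bits leading zero bits means roughly one candidate in
    2**difficulty_bits succeeds, so each extra bit doubles the expected work.
    """
    return 1 << (256 - difficulty_bits)


def expected_hashes(difficulty_bits):
    """Average number of hash evaluations needed to find a valid nonce."""
    return 1 << difficulty_bits


def verify(prev_hash, transactions, nonce, difficulty_bits):
    """Checking a proof costs one hash; finding it cost expected_hashes()."""
    return int(block_hash(prev_hash, transactions, nonce), 16) < target_for(difficulty_bits)


def mine(prev_hash, transactions, difficulty_bits, max_nonce=2_000_000):
    """Brute-force the nonce until the block hash falls below the target.

    Returns (nonce, hash_hex, hashes_tried), or None if max_nonce is exhausted.
    This loop body is the entire "work" a mining bot burns the victim's CPU on.
    """
    target = target_for(difficulty_bits)
    for nonce in range(max_nonce):
        digest = block_hash(prev_hash, transactions, nonce)
        if int(digest, 16) < target:
            return nonce, digest, nonce + 1
    return None


if __name__ == "__main__":
    bits = 14  # toy difficulty chosen so the search finishes in well under a second
    nonce, digest, tried = mine(PREV_BLOCK_HASH, SAMPLE_TRANSACTIONS, bits)
    print(f"difficulty {bits} bits: expected ~{expected_hashes(bits)} hashes, tried {tried}")
    print(f"nonce={nonce} hash={digest}")
    print("verifies:", verify(PREV_BLOCK_HASH, SAMPLE_TRANSACTIONS, nonce, bits))
    # Altering a transaction changes the hash, so the found nonce is (with
    # overwhelming probability) no longer a valid proof for the new contents.
    tampered = [dict(tx) for tx in SAMPLE_TRANSACTIONS]
    tampered[0]["amount"] = 50.0
    print("same hash after tampering:",
          block_hash(PREV_BLOCK_HASH, tampered, nonce) == digest)
```

The asymmetry between mine() and verify() is the whole economic point behind using a botnet for this: the search is embarrassingly parallel and pays out roughly in proportion to hashes tried, so 1.9 million stolen CPUs are worth more than one, even when each contributes almost nothing on its own.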
