Symantec takes a bite out of bitcoin-mining botnet ZeroAccess

Security firm Symantec says it has taken a chunk out of one of the world’s largest known botnets.

ZeroAccess, which comprises 1.9 million infected PCs, is used to earn money for its operators by generating false advertising clicks and ‘mining’ bitcoins, using infected computers to conduct the algorithmic calculations used to generate the digital currency.

Symantec estimates that the botnet costs its victims a combined $560,887 every day.

In April, security company FortiNet identified ZeroAccess as the “number one threat” identified by users of its software. At the time, it was seeing 100,000 new infections every day.

Unlike other botnets, which are co-ordinated by a command and control (C&C) server, ZeroAccess is a peer-to-peer network of 1.9 million infected computers with no central ‘brain’.

This peer-to-peer nature makes it resilient to disruption, Symantec says, but earlier this year the company began to discover its vulnerabilities.

In June, Symantec successfully disrupted the botnet by using a DNS “sinkhole”, which involves redirecting IP traffic from the infected computers to spoof domain name servers. This meant that half a million infected PCs were no longer able to send or receive instructions.

“What this exercise has shown is that despite the resilient [peer-to-peer] architecture of the ZeroAccess botnet, we have still been able to sinkhole a large portion of the bots,” said the company on its blog. “In the meantime, Symantec have been working together with ISPs and CERTs worldwide to share information and help get infected computers cleaned.”

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...