ZeroAccess Botnet Crippled, But Not Dead


The ZeroAccess rootkit, also known as Sirefef or max++, is Trojan horse malware that infects Windows operating systems. It first appeared in the summer of 2011, and at present the ZeroAccess botnet is one of the largest known peer-to-peer botnets in existence, with a population upwards of 2 million infected computers. There is no central command or major control server for ZeroAccess, which poses a major challenge for anybody attempting to sinkhole the botnet.

The infection can be used to download other malware onto an infected computer or to form a botnet used mainly for Bitcoin mining or click fraud, while it remains hidden on the system using rootkit techniques.

The authorities in Europe recently combined efforts with Microsoft Corp. to bring down the “ZeroAccess” infection. The botnet is “disrupted,” not “fully destroyed”; Microsoft itself admits that they “do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat.” This is Microsoft’s eighth botnet takedown operation in the past three years.


With the help of the U.S. Federal Bureau of Investigation and the European Cybercrime Centre, Microsoft led the shutdown of the servers that were distributing the malicious software, which has infected nearly 2 million computers all over the world. The ZeroAccess botnet’s masters were earning nearly $3 million USD every month from it. Microsoft took control of 49 domains associated with the ZeroAccess botnet, which significantly cripples the botnet, but much more effort is needed to eradicate the roots of this evil.

If you want to make sure you are not infected with this parasite, I recommend using a reputable antimalware program and always keeping it up to date.
