Symantec takes on 500,000 botnet-infected computers
Symantec has seized 1.9 million computers that are highly infected by the ZeroAccess botnet. According to Symantec, the US has the highest infection rate, at 35.1 percent, with Japan second on the list, at 9.3 percent.
The zombie computers were used for advertising and online currency fraud and to infect other machines. Security experts warned that any benefits from the takedown might be short-lived. The cybercriminals behind the network had not yet been identified, said Symantec.
One type of payload often associated with ZeroAccess is a click fraud Trojan. Once installed on a compromised computer, the Trojan downloads online advertisements and then generates artificial clicks, which can pay out dividends through pay-per-click (PPC) affiliate schemes.
The bots running fraud operations generated around 42 false ad clicks an hour, which can result in potential revenue generation of tens of millions of dollars a year for the botnet master, according to Symantec.
The botnet is also involved in bitcoin mining. The security team estimates that mining the virtual currency -- which is based on mathematical equations -- is potentially the most intensive activity conducted by the botnet, consuming an additional 1.82 kWh per day for every infected computer left on. Multiplied by 1.9 million computers, that is enough energy to power 111,000 homes each day.
The company had set the ball in motion after noticing that a new version of the ZeroAccess software was being distributed through the network.
The updated version of the ZeroAccess Trojan contained modifications that made it more difficult to disrupt communications between peers in the infected network.
Symantec built its own mini-ZeroAccess botnet to study effective ways of taking down the network, and tested different takedown methods for two weeks.
The company studied the botnet and disabled the computers as part of its research operations, which feed into product development, said Ms Cox.
Reviewed by Ankit Kumar Titoriya on 10:57