The ZeroAccess botnet is back in business (thanks to NT-based Windows and Google's Adsens...


   "At its peak in 2013, ZeroAccess, also known as Sirefef, consisted
    of more than 1.9 million infected computers that were primarily
    used for click fraud and Bitcoin mining."

   "The botnet was reactivated on January 15, when it 'again began
    distributing click-fraud templates to compromised systems'"

   "To perpetrate click fraud, malware displays ads on infected
    computers and clicks on them, masking the clicks as legitimate
    user actions in order to generate advertising income for the
    botnet operators."

Anyone that spends a dime paying Google for advertising services
(adsense) needs to read shit like this and understand what a load of
horse-shit internet advertising is, how much of it is worthless fraud.
Google needs to have its ass kicked in public by the tech press more
often and its empire exposed as the fraud that it is.

   "The Dell SecureWorks researchers observed 55,208 unique IP
    addresses participating in the botnet between January 17
    and January 25 --
    38,094 corresponding to compromised 32-bit Windows systems
    and 17,114 to 64-bit systems. The top ten affected countries
    are Japan, India, Russia, Italy, the U.S., Brazil, Taiwan,
    Romania, Venezuela and Germany."

Ah, the false promise that NT-based Windoze is oh, so secure continues.  
Even 64-bit versions.

I don't know what pile of horse shit is higher:  The fraud and
criminality that powers Google's advertising business, or the lie that
the bloated NT-based Windows is or could ever be secured and protected
from its own internal complexity and incredibly bad coding.

=========================================================

The ZeroAccess botnet is back in business

After a six-month break, it resumes click-fraud activity

Jan 30, 2015

A peer-to-peer botnet called ZeroAccess came out of a six-month
hibernation this month after having survived two takedown attempts by
law enforcement and security researchers.

At its peak in 2013, ZeroAccess, also known as Sirefef, consisted of
more than 1.9 million infected computers that were primarily used for
click fraud and Bitcoin mining.

That was until security researchers from Symantec found a flaw in the
botnet's resilient peer-to-peer architecture. This architecture allowed
the bots to exchange files, instructions and information with each other
without the need for central command-and-control servers, which are the
Achilles' heel of most botnets.

By exploiting the flaw, Symantec managed to detach over half a million
computers from ZeroAccess in July 2013 and launched an effort to clean
them up in cooperation with ISPs and CERTs.

In December that same year the FBI, Europol, Microsoft and several
security vendors launched a second operation that further crippled the
botnet and led to those behind it capitulating. The botnet operators
actually sent an update to the infected machines that contained the
message "WHITE FLAG."

"We believe that action symbolizes that the criminals have decided to
surrender control of the botnet," Richard Domingues Boscovich, assistant
general counsel with the Microsoft Digital Crimes Unit, said at the time
in a blog post.

It didn't last long. Cybercriminals reactivated the botnet and used it
between March 21 and July 2, 2014, but then -- silence. Until now.

The botnet was reactivated on January 15, when it "again began
distributing click-fraud templates to compromised systems," researchers
from Dell SecureWorks said in a blog post Wednesday.

To perpetrate click fraud, malware displays ads on infected computers
and clicks on them, masking the clicks as legitimate user actions in
order to generate advertising income for the botnet operators.

ZeroAccess is only a shadow of its former self, as the attackers did not
attempt to infect new systems since December 2013. However, the new
activity this year indicates that they haven't completely given up on
it.

The Dell SecureWorks researchers observed 55,208 unique IP addresses
participating in the botnet between January 17 and January 25 -- 38,094
corresponding to compromised 32-bit Windows systems and 17,114 to 64-bit
systems. The top ten affected countries are Japan, India, Russia, Italy,
the U.S., Brazil, Taiwan, Romania, Venezuela and Germany.

"Although the threat actors behind ZeroAccess have not made any
measurable attempts to augment the botnet in more than a year, it
remains substantial in size," the SecureWorks researchers said. "Its
resiliency is a testament to the tenacity of its operators and
highlights the danger of malware using P2P networks."

http://www.computerworld.com/article/2877923/the-zeroaccess-botnet-is-back-in-business.html

Re: The ZeroAccess botnet is back in business (thanks to NT-based Windows and Google's Adsense)

Virus Troll crossposted:

[quoted text]

Isn't this where you are supposed to insert your silly advice telling  
everyone to "upgrade" to Windows 98?  LOL

--  
   -bts
   -This space for rent, but the price is high

Re: The ZeroAccess botnet is back in business (thanks to NT-based Windows and Google's Adsense)

"Beauregard T. Nasty" wrote:
  
[quoted text]

You have a problem with the groups I've cross-posted to?

You don't think that the info about the ZeroAccess botnet is applicable
to the 3 groups?

Or are you one of the usenet morons that thinks that crossposting
between usenet groups shouldn't happen, regardless of how many thousand
groups exist and the similarity or commonality they may have?

[quoted text]

Ah, laughing klown.

I was supposed to include comments about win-98, so you and others could
feel superior about NT and laugh away the very real history of
vulnerability that NT just can't shake off or rise above, despite
thousands of patches and fixes created over many years.

So no- I didn't include any sort of comment about 98.

So now the ball is in your court to address my ridicule of NT and its
line of perpetually vulnerable versions of Windoze.  Or fade back into
the woodwork where you came from.

Re: The ZeroAccess botnet is back in business (thanks to NT-based Windows and Google's Adsense)

On Sat, 31 Jan 2015 13:24:34 -0500, Virus Guy wrote:


[quoted text]

Hacked any good webcams lately Virus Troll?  

I see you've finally stopped forging your nym.  

It took a while! Slow are you?  

Are you tired of trying to get others to answer your questions?  

FWIW - zero actually.

Thane

Re: The ZeroAccess botnet is back in business (thanks to NT-based Windows and Google's Adsense)

Virus Guy crossposted:

[quoted text]

No, it was merely the reader's default attribution line.

[quoted text]

Not really. This botnet, and the means it uses to infect, is not a virus,  
so why post it to two groups about viruses?

[quoted text]

Crossposting in appropriate situations is fine. You didn't have one.

[quoted text]

Any version of Windows fits that description.

[quoted text]

(Yes, I *really was* laughing!)

[quoted text]

I don't feel superior to anyone. You just make me laugh.

[quoted text]
[SIC]
[quoted text]

All versions of Windows are vulnerable, even your precious 17-year-old  
Windows 98.

--  
   -bts
   -This space for rent, but the price is high
