May 13, 2020

2.2 million homes were infected with the ZeroAccess botnet during Q3

(LiveHacking.Com) – According to a new report, 2.2 million home networks worldwide were infected with the ZeroAccess botnet during Q3 of 2012. The Kindsight Security Labs Q3 2012 Malware Report says that ZeroAccess was the most active botnet in Q3. It is estimated that 685,000 households in the United States were infected.

It seems that this malware is now also significantly affecting online advert revenue. ZeroAccess is an ad-click botnet whose bots engage in a sophisticated ad-click fraud scheme that could be costing advertisers almost a million dollars each day.

ZeroAccess and its morphed successor ZeroAccess2 use an encrypted P2P protocol to communicate with other peers. The botnet maintains communication through super-nodes, each of which is an infected PC that is directly connected to the internet without an intervening home router or other network address translation (NAT) device.

To earn money, the bot operators have a large number of web sites that host pay-per-click adverts. The bots are programmed to click on ads hosted by these sites, earning money for the operator and costing the advertiser money. The list of websites to use is dynamic, as is the visit frequency. To evade ad-click fraud detection, the bots follow the ad-click through to the advertiser’s landing page via several layers of redirection, loading all the HTML, JavaScript and graphics components as a regular browser would.

The botnets also earn money through ‘Bitcoin mining’, a technique which creates false Bitcoin transactions. It is thought that about half of the ZeroAccess bots are working as Bitcoin miners. Bitcoins are said to be worth about $10 each and Sophos has estimated that ZeroAccess could be earning over $2.7M per year; however, it is not clear if real money is actually involved, or if they are just used for playing Bitcoin games.

“The ZeroAccess botnet has grown significantly to become the most active botnet we’ve measured this year,” said Kevin McNamee, security architect and director, Kindsight Security Labs. “Cybercriminals are primarily using it to take over victim computers and conduct ad-click fraud. With ZeroAccess, they can mimic the human behavior of clicking online ads, resulting in millions of dollars of fraud.”


14% of home PCs are infected with malware

(LiveHacking.Com) – A new report has found that approximately 14 percent of home networks are infected with malware. The Kindsight Security Labs report, which highlights infections from April through June 2012, also says that the number of high-level threats, such as bots, Trojans and backdoors, increased by 50 percent when compared to the first three months of 2012.

According to the report, 14% of residential households with fixed broadband show evidence of malware infection. 9% of these households were infected by high-threat-level malware such as a botnet, rootkit or a banking Trojan. It is estimated that there are 100,000,000 households with broadband in the USA. That means that 14,000,000 households in the USA have malware on a computer somewhere in the home. Worse still, 9,000,000 of those households have a serious malware infection, including a rootkit or a banking Trojan.

The primary way in which these computers get infected is via e-mail messages that lure victims to web sites running an exploit kit. The victim would typically receive an e-mail message from a business (like a bank or PayPal) or a government agency (like the IRS) informing them of an issue with their account. The link takes the user to a fake site (which looks reasonably close to the authentic one) but the fake site uses malicious techniques to infect the victim’s computer. Once infected the attacker goes on to install the malware of their choice, often a rootkit botnet such as Alureon or ZeroAccess.

Alternatively, the e-mail could just take the users directly to a download, often for fake anti-virus software which is actually a Spambot or a banking Trojan like Zeus or SpyEye. Or the e-mail will simply contain a zip file containing an executable malware file.
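The two lure shapes described above, a brand-named link that leads to an unrelated host and a zip attachment that hides an executable, are things a mail gateway can screen for before a user ever follows the link. The following is an added example, not code from the LiveHacking.Com article or from Kindsight; the brand table, the `example.invalid` domains and the sample message are all constructed for the demonstration, and the domain comparison is a deliberate simplification (it ignores public suffixes such as `co.uk`).

```python
"""Added example, not code from the LiveHacking.Com article or the Kindsight
report: a defender-side screen for the two lure shapes the article describes,
a link whose visible brand text leads to an unrelated host and a zip attachment
carrying an executable. All names, domains and the sample message are
constructed."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Hypothetical brand-to-domain table: the registered domain each brand word in
# link text is expected to point at (a real deployment would use a fuller list).
BRAND_DOMAINS = {"paypal": "paypal.com", "irs": "irs.gov"}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".cmd")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(url):
    """Last two labels of the URL's host, e.g. login.example.invalid -> example.invalid.
    Simplification: ignores public suffixes such as co.uk."""
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def suspicious_links(html):
    """Return (link text, href) pairs whose text names a brand but whose host
    is not that brand's registered domain."""
    hits = []
    for href, text in ANCHOR_RE.findall(html):
        plain = re.sub(r"<[^>]+>", "", text).strip()
        for brand, domain in BRAND_DOMAINS.items():
            if re.search(rf"\b{brand}\b", plain, re.I) and registered_domain(href) != domain:
                hits.append((plain, href))
                break
    return hits


def executable_attachments(msg):
    """Return (attachment name, member name) for executables attached directly
    (member is None) or packed inside a zip attachment."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTENSIONS):
            hits.append((name, None))
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXECUTABLE_EXTENSIONS):
                            hits.append((name, member))
            except zipfile.BadZipFile:
                # An unreadable archive is itself worth a look by the operator.
                hits.append((name, "<unreadable zip>"))
    return hits


def screen_message(raw):
    """Parse a raw RFC 5322 message and apply both checks."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    return {"links": suspicious_links(html), "attachments": executable_attachments(msg)}


def build_sample():
    """Constructed lure in the shape the article describes: a fake 'account
    issue' notice with a brand-named link to an unrelated host and a zip that
    hides an executable behind a document-looking name."""
    msg = EmailMessage()
    msg["From"] = "service@notice.example.invalid"
    msg["To"] = "user@home.example.invalid"
    msg["Subject"] = "Problem with your account"
    msg.set_content("There is an issue with your account. Please review it.")
    msg.add_alternative(
        '<p>There is an issue with your account. '
        '<a href="http://login.example.invalid/verify">PayPal Account Review</a></p>',
        subtype="html",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.pdf.exe", b"MZ placeholder, not a real program")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="statement.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(screen_message(build_sample()))
```

Running the block prints the flagged link and the executable found inside the zip for the constructed message; a message whose brand link really points at the brand's own domain and carries no executable produces empty lists. The link check deliberately keys on the visible text rather than the sender address, because the lure the article describes relies on the user trusting what they read, not on a spoofed header.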

With the London Olympics approaching fast, McAfee also noticed a sharp increase in the number of Olympic-related spam e-mails. These global-event-related e-mails are also a popular method used by hackers to lure users into following links to malware-infested sites.

“In recent months, we’ve seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally,” said Kevin McNamee, security architect and director, Kindsight Security Labs. “The concern with ZeroAccess is that it is using the subscriber’s bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks.”

The report also highlights the recent Mac Flashback infection which infected 10% of home networks with Mac computers during the month of April.