(LiveHacking.Com) – According to a new report, 2.2 million home networks worldwide were infected with the ZeroAccess botnet during Q3 of 2012. The Kindsight Security Labs Q3 2012 Malware Report says that ZeroAccess was the most active botnet in Q3. It is estimated that 685,000 households in the United States were infected.
It seems that this malware is now also significantly affecting online advert revenue. ZeroAccess is an ad-click botnet where the bots engage in a sophisticated ad-click fraud scheme that could be costing advertisers almost a million dollars each day.
ZeroAccess and its morphed successor ZeroAccess2 use an encrypted P2P protocol to communicate with other peers. The botnet maintains communication through super-nodes, which are infected PCs that are directly connected to the internet without an intervening home router or other network address translation (NAT) device.
To earn money, the bot operators have a large number of websites that host pay-per-click adverts. The bots are programmed to click on ads hosted by these sites, earning money for the operator and costing the advertiser money. The list of websites to use is dynamic, as is the visit frequency. To prevent ad-click fraud detection, the bots follow the ad-click through to the advertiser’s landing page through several layers of redirection, loading all the HTML, JavaScript and graphics components as a regular browser would.
The botnets also earn money through ‘Bitcoin mining’, a technique which creates false Bitcoin transactions. It is thought that about half of the ZeroAccess bots are working as Bitcoin miners. Bitcoins are said to be worth about $10 each and Sophos has estimated that ZeroAccess could be earning over $2.7M per year; however, it is not clear if real money is actually involved, or if they are just used for playing Bitcoin games.
“The ZeroAccess botnet has grown significantly to become the most active botnet we’ve measured this year,” said Kevin McNamee, security architect and director, Kindsight Security Labs. “Cybercriminals are primarily using it to take over victim computers and conduct ad-click fraud. With ZeroAccess, they can mimic the human behavior of clicking online ads, resulting in millions of dollars of fraud.”