By Charles Leaver

Endpoint Security Threat: ZeroAccess botnet still alive and kicking

Recent security efforts to wipe out known malicious botnet ZeroAccess have proven to be unsuccessful, as the infectious network continues to thrive and threaten endpoint security.

ZeroAccess’ network is comprised of approximately 1.9 million infected computers, according to Ars Technica. Furthermore, the resilient botnet currently generates about $700,000 annually from fraudulent advertising and 1,000 clicks each day. This grows the network of affected machines significantly on a daily basis.

Using its network of affected computers, the botnet also has the electricity and hardware at its disposal to mine digital currency. A botnet with this destructive capacity and reach for data leakage is rarely seen in the cybersecurity industry. Ars Technica in September called ZeroAccess “one of the most menacing botnets in current circulation,” due to its unusually large wave of infection and the threat it poses to endpoint security.

Botnet extermination attempt
Recently, security researchers attempted to wipe out the harmful botnet using a sinkhole technique. Ars Technica stated that this type of approach takes control of the command and control device utilized by botmasters to send and receive data from infected machines.

However, the would-be exterminators ran into a significant obstacle in trying to disable the botnet’s vast data exchange network. According to Ars Technica, while more traditional infections of this kind communicate with a small number of servers, each ZeroAccess node exchanges data with hundreds of peers, and each of those peers in turn exchanges data with hundreds of its own peers. This creates a decentralized system that is immune to sinkhole techniques, stated Ars Technica.

In addition, The Nation reported ZeroAccess is different from traditional botnets because it does not have a central command and control server. Therefore, security experts cannot disable a set of attacker servers to stop infections and must seek alternative methods to take down the botnet.
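To make the difference between the two topologies concrete, here is a small simulation (an added illustration, not code from the article or from any of the researchers it cites). It builds a centralized botnet, where every bot talks only to one C2 node, and a decentralized one, where every bot keeps a list of random peers, then removes the sinkholed nodes and measures how much of the surviving botnet can still reach one another. The node counts, peer-list size and the choice to sinkhole the best-connected peers are assumptions for the demonstration, not figures from the page.

```python
import random
from collections import deque


def build_star(n_bots):
    """Centralized botnet: every bot talks only to a single C2 node ("c2")."""
    adj = {"c2": set()}
    for i in range(n_bots):
        bot = f"bot{i}"
        adj[bot] = {"c2"}
        adj["c2"].add(bot)
    return adj


def build_p2p(n_bots, peers_per_bot, seed=0):
    """Decentralized botnet: each bot keeps peers_per_bot random peers in its
    peer list, and a peer link is usable in both directions (assumed model)."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    adj = {f"bot{i}": set() for i in range(n_bots)}
    names = list(adj)
    for bot in names:
        candidates = [p for p in names if p != bot]
        for peer in rng.sample(candidates, peers_per_bot):
            adj[bot].add(peer)
            adj[peer].add(bot)
    return adj


def largest_component_fraction(adj, sinkholed):
    """Drop the sinkholed nodes and return the fraction of surviving nodes that
    sit in the largest remaining cluster, i.e. can still exchange updates
    with the bulk of the botnet. Plain BFS over the surviving graph."""
    alive = {n for n in adj if n not in sinkholed}
    seen = set()
    best = 0
    for start in alive:
        if start in seen:
            continue
        size = 0
        queue = deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            size += 1
            for nb in adj[node]:
                if nb in alive and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        best = max(best, size)
    return best / len(alive) if alive else 0.0


def sinkhole_star(adj):
    """Take over the single C2: the classic sinkhole against a centralized botnet."""
    return largest_component_fraction(adj, {"c2"})


def sinkhole_p2p(adj, fraction_captured):
    """Sinkhole the best-connected fraction of peers (the most useful ones to
    control) and see how much of the mesh still holds together."""
    k = int(len(adj) * fraction_captured)
    by_degree = sorted(adj, key=lambda n: len(adj[n]), reverse=True)
    return largest_component_fraction(adj, set(by_degree[:k]))


if __name__ == "__main__":
    star = build_star(1000)
    print(f"star after C2 sinkholed: {sinkhole_star(star):.3f} still connected")
    mesh = build_p2p(2000, 50, seed=1)
    for frac in (0.10, 0.50):
        print(f"p2p after {frac:.0%} of best peers captured: "
              f"{sinkhole_p2p(mesh, frac):.3f} still connected")
```

Taking the C2 out of the star leaves every bot isolated, so the connected fraction collapses to one node in a thousand. In the mesh, even capturing half of the best-connected peers leaves the rest of the bots in one cluster, which is the property the article describes: there is no single point whose removal severs the update channel, so defenders are pushed toward identifying and cleaning individual hosts rather than a server-side takedown.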

Researchers were set back again after identifying what they believed was a fatal flaw in the network’s peer-to-peer updating. The Nation stated that within such a system, peers present on the network become aware of one another and begin exchanging information among themselves. Within ZeroAccess, peers are constantly in contact.

Although the security experts thought they could poison some ZeroAccess peers to take control of the network, they soon found that cybercriminals had updated the malware to patch the system weakness.

While ZeroAccess has not yet been neutralized, security experts are currently sharing information to identify infected systems and clear the devices, stated The Nation.

Organizations can employ data loss prevention software to deal with botnets like ZeroAccess and avoid infections of this type.
