icrosoft’s digital crimes unit, working together with the FBI and Europol, has busted one of the world’s largest botnets – a network of compromised computers that are used to generate spam, infect computers with viruses or flood a Web server with so many requests that it ends up breaking down.
ZeroAccess had infected as many as two million around the world with malware in order to trigger online fraud. How it worked was that it would lure unsuspecting users to dangerous sites and steal their details. It also generated fake ad clicks on infected computers in order to claim payment (as much as €3m per month) from advertisers.
Specifically, Microsoft and the FBI in the United States worked with Europol in Europe in order to coordinate a multi-jurisdictional criminal action targeting the 18 IP addresses (all of them located in Europe) operating the ZeroAccess botnet. Europol worked with officials in Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe.
“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organisations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the European Cybercrime Centre (EC3). “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft.”
This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet.
“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit. “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimise innocent people and businesses around the world.”
Announcing the botnet bust on its website, Microsoft described ZeroAccess as “one of the most robust and durable botnets… built to be resilient to disruption efforts”.