Microsoft vs. World’s Largest Network Infection

Three years after vowing to step up its offense against organized cyber crime, Microsoft announced today that it has uncovered a botnet scheme that involved over 2 million machines globally and had been costing Yahoo, Bing and Google around 2.7 million USD every month.

The 2-million-computer-strong botnet scheme was headed by a criminal organization called ZeroAccess. The scheme used malicious software to turn poorly secured laptops and PCs around the world into zombie machines. Once infected, the computers act as slaves, generating vast amounts of fraudulent advertiser and search engine revenue through a process largely undetectable to users.

In response, software giant Microsoft filed a lawsuit, in which the judge ruled that internet service providers would begin blocking traffic from 18 originating IP addresses that were controlling the army of compromised devices.

While the court ruling offers a short-term solution, the complexity of the ZeroAccess botnet renders it a temporary one. The botnet uses peer-to-peer communication, allowing zombie computers to share information and update without a pilot machine or central server. With the 18 IPs blocked, the malware has no way to inherit the information it uses to target ads. However, if ZeroAccess changes the IPs that the malware uses, these slave machines will reactivate and a new wave of ad fraud will begin.

This marks the eighth time that Microsoft has taken a stand against botnets. However, its current efforts against ZeroAccess are unprecedented. The company recently unveiled a new Cyber Security Center in Redmond, Virginia and is presently working with the FBI and Europol. In Europe, law enforcement is already serving warrants and seizing servers in hopes of finding out more about this anonymous group.