Sophos Confirms Devastating Blow to ZeroAccess Botnet

Evolution of ZeroAccess detections

Researchers from Sophos have confirmed that the ZeroAccess botnet has received a devastating blow and that the number of malware infections has decreased considerably.

In December, Microsoft proudly announced that the cybercriminals behind the ZeroAccess botnet had raised the white flag and had given up on their operations.

The move came after the Redmond company and its partners took a crack at the botnet, although no one had expected their efforts to disrupt ZeroAccess completely.

Soon after Microsoft targeted the botnet’s fraud component, the bot herders started pushing out new plugins in an effort to keep their operations alive. However, the good guys took action to neutralize the servers used by the cybercrooks.

At one point, the malware authors sent out plugins that contained the string “White Flag.” Some doubted that the cybercriminals had really given up.

However, Sophos says the number of new droppers has decreased considerably. Furthermore, no new ZeroAccess infections have been spotted since the takedown efforts.

Users whose computers have been infected have started removing the malware.

“The ZeroAccess botnet has undoubtedly received the most devastating blow it has ever experienced during its lifetime. It seems that, for now at least, the botnet owners have given up, with no new plugins being pushed into the P2P network and no new droppers released onto the internet,” Sophos’ James Wyke noted in a blog post.

“The owners still have the capability to try to make the botnet work again as they can seed new files into the network, but with no new droppers being pushed the size of the botnet is rapidly decreasing,” Wyke added.

The expert believes that if the cybercriminals are not arrested, they will likely try to resurrect ZeroAccess with a new version of the P2P protocol and a plugin architecture that’s even more difficult to disrupt.
