Over Two Million Home Networks Infected with ZeroAccess Botnet

By Anthony Freed | October 30, 2012

Posted in: Network Security Trends

If ghosts and goblins running amok for the Halloween season aren't enough to scare you, how about the continued propagation of malware? Some 13% of home networks in North America are thought to be infected with malicious agents. Of those contaminated systems, half (6.5%) are infected with high-level threats including botnets, rootkits, and banking Trojans, according to a study released today. The report makes note of the continued spread of the ZeroAccess botnet, with 2.2 million home networks worldwide infected with the agent, including nearly one in every 125 networks in North America.

ZeroAccess is hard to detect and difficult to remove without damaging the infected system, and it is increasingly being employed by cyber criminals in widespread click fraud campaigns that could be costing advertisers as much as $900,000 per day, according to the study by Alcatel-Lucent subsidiary Kindsight.

“The ZeroAccess botnet has grown significantly to become the most active botnet we’ve measured this year. Cybercriminals are primarily using it to take over victim computers and conduct ad-click fraud. With ZeroAccess, they can mimic the human behavior of clicking online ads, resulting in millions of dollars of fraud,” said Kindsight's Kevin McNamee in a press release.

ZeroAccess is commonly spread through scareware tactics: pop-up alerts warn unwitting Internet users of a bogus infection on their computer and offer a free scan and cleanup, which in fact directs the target to download the malicious code.

Adding insult to injury for the defrauded online advertisers, many online ad network service providers may be complicit to a degree in the activities of the cyber criminals' use of ZeroAccess to commit click fraud, according to IT Harvest’s Chief Research Analyst Richard Stiennon.

"The Zero Access botnet is a throwback to the early 2000s: 'clicking' on ads to generate revenue for the fraudsters. The ad networks are colluding in this model because they too earn money at the expense of the advertisers. Ad networks should provide better defenses against click fraud and provide assurances to advertisers that they are doing so," Stiennon told Security Bistro.

The quarterly malware report is part of a series which examines trends in infections targeting home networks, consumer mobile devices, and those systems that are connected through mobile adapters, and provides a snapshot of malicious network traffic. While infections on home systems remained fairly level since the second quarter, malware infecting mobile devices rose about 3%, with nine out of ten infections attributed to the spread of adware.

The report also provides a deeper look at other malware developments over the last quarter, including TDSS rootkits, which researchers at Kaspersky Lab discovered were driving a super-botnet thought to have infected as many as 4.5 million devices in 2011.

TDSS infections include the TDL4 variant, which infects the master boot record of the compromised PC using kernel-level code. Although numerous patches have been released to eliminate the risks posed by TDSS rootkits, the continued evolution of the malicious code at the hands of malware developers has thus far outpaced mitigation efforts.
