ZeroAccess Botnet Tops Security Vendor's Q1 Threat List

By | April 11, 2013


The top threat impacting cybersecurity worldwide this quarter remains ZeroAccess, the Bitcoin mining botnet, according to network security vendor Fortinet.

Based on reporting from FortiGate devices worldwide, ZeroAccess is the number one botnet threat the team is seeing. ZeroAccess is used primarily for click fraud and Bitcoin mining.

Richard Henderson, security strategist and threat researcher for Fortinet’s FortiGuard Labs, said in a press statement that the ZeroAccess botnet shows no signs of slowing.

“In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control,” said Henderson. “In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates.”

The recent Distributed Denial of Service (DDoS) attacks leveled at Mt. Gox, the world's largest bitcoin exchange, may have vaulted the digital currency into the spotlight, but the ZeroAccess botnet has been plying its trade for quite some time.

According to the Kindsight Security Labs Q4 Malware Report, ZeroAccess was the most active botnet in all of 2012, appearing in nearly 17 percent of all infected home networks.

Initially, the botnet was designed to distribute malware responsible for a massive ad-click fraud campaign. It morphed in mid-2012, altering its infection process and Command & Control protocol. The click fraud version of the botnet began to wind down in 2012, while the Bitcoin mining iteration experienced tremendous growth, according to Kindsight.

Fortinet’s Henderson speculates that as the value of the digital currency continues to inflate, the amount of money being made by ZeroAccess could potentially be in the millions of dollars or more, according to the report.

“As Bitcoin’s popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market,” he added.

These comments were issued prior to Wednesday's Bitcoin price correction. This price tumble could mean that those DDoS attacks may have taken their toll on the digital currency. What that means for the future of the ZeroAccess botnet is up for speculation. It evolved once before, so there is no telling where it could head as the year goes on.
