Microsoft blocks notorious ZeroAccess botnet

Microsoft and law enforcement agencies have successfully disrupted ZeroAccess, one of the world's largest and most rampant botnets.

Working alongside the Federal Bureau of Investigation (FBI), Europol's European Cybercrime Centre (EC3) and leaders in the technology industry, Microsoft claims to have "significantly" affected the botnet's operation in a way that will increase the cost and risk for cybercriminals using it.

ZeroAccess, also known as the Sirefef botnet, is responsible for infecting more than two million computers worldwide. By targeting search results on Google, Bing and other search engines, the botnet hijacks the search and redirects users to sites designed to steal their details.

It is estimated that ZeroAccess also costs online advertisers $2.7 million each month by generating fraudulent ad clicks from computers that have been infected.

It is the first botnet action from Microsoft since it unveiled its new Cybercrime Centre last month.

"This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits," said Troels Oerting, head of the EC3.

"EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft."

According to Microsoft, ZeroAccess is one of the most "robust and durable" botnets in operation today. The technology firm estimates that more than 800,000 ZeroAccess-infected computers were active on the internet on any given day in October.

David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, said: "The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims' computers from being used for fraud and help us identify the computers that need to be cleaned of the infection.

"Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we'll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world."