
Microsoft Efforts Remain Incomplete to Take Down ZeroAccess - Experts

In the first week of December 2013, Microsoft revealed an attempt to uproot the infamous ZeroAccess botnet, but experts argue that attempts of this type won't succeed until security firms work collectively. It therefore appears that Microsoft's efforts remain unfinished, as reported by Softpedia.com on 9th December, 2013.

In a jointly posted blog, Yacin Nadji, Ph.D. student at Georgia Tech, and Manos Antonakakis, Chief Scientist at Damballa, highlighted that any significant action against ZeroAccess should disrupt its P2P (peer-to-peer) communications channel, as reported by securityweek.com on December 9, 2013.

Microsoft has struck the click-fraud module, which, according to Damballa, can be reinstated in a short span of time by pushing an updated binary over the P2P channel.

To make matters more difficult, it seems that the takedown of the click-fraud component is incomplete, and it would have been insufficient even if the botnet (ZeroAccess) did not employ a P2P C&C, experts noted, as published by Softpedia.com on 9th December.

As regards the click-fraud part, Damballa says that about 62% of that component of the infrastructure appears to be functioning.

According to Nadji, the cybercriminals might soon move to obtain more servers and domain names and then update a fresh text file with the new details, adding that sending out newly configured files is far cheaper for a criminal than rebuilding from scratch, as reported by Threatpost.com on 9th December, 2013.

P2P botnets such as ZeroAccess, various editions of Zeus (ZBOT), and Kelihos have been hard to restrain because the hijacked machines communicate with one another instead of talking to a central web server.

Commenting on the same topic, David Harley, ESET Senior Research Fellow, said that this is certainly not the end of ZeroAccess, adding that he doubts this effort will clear the botnet from its metaphorical streets permanently any more than previous disruptions did. P2P botnets are difficult to kill, and this botnet has exhibited, more than most, extreme resilience and the capability to evolve in the face of previous efforts to rein it in.

» SPAMfighter News - 12/17/2013
