Microsoft disrupts botnet that generated $2.7M per month for operators

Microsoft's Digital Crimes Unit, the legal and technical team that has driven the takedown of botnets such as Bamital and Nitol in 2013, announced that it has moved with Europol, industry partners, and the FBI to disrupt yet another search fraud botnet.

The ZeroAccess botnet, also known as ZAccess or Siref, has taken over approximately 2 million PCs worldwide; Microsoft estimates that it has cost search engine advertisers on Google, Bing, and Yahoo over $2.7 million each month. After identifying the IP addresses of 18 command-and-control servers involved in directing ZeroAccess, Microsoft filed civil lawsuits against the botnet operators in the US District Court for the Western District of Texas. The court gave Microsoft permission in court to block traffic between them and PCs in the US using technology provided by networking vendor A10 Networks. As Microsoft executed the traffic block, Europol's European Cybercrime Center in Germany coordinated law enforcement raids on the locations of those IP addresses, resulting in the seizure of the servers involved. Law enforcement in Latvia, Germany, Switzerland, and Luxembourg were involved in the seizures.