Microsoft partners with FBI to take down nefarious botnet
When it came to its own bottom line, the tech giant got in bed with the government.
Microsoft didn’t wait long after unveiling its state-of-the-art cybercrime center to make a calculated strike against online scam artists. The new facility, based on the company campus in Redmond, Wash., is already collaborating with law enforcement agencies worldwide to disrupt the sprawling and insidious ZeroAccess botnet—which not incidentally represents a grave threat to Microsoft customers and the tech giant itself.
ZeroAccess, sometimes identified as max++ or Sirefef, has harnessed the processing power of as many as 2.2 million enslaved PCs to carry out Bitcoin mining operations and other moneymaking schemes. Victims are tricked, in a variety of ways, into downloading a Trojan rootkit, which not only allows for further infiltration of a device but cleverly conceals any evidence of a malware attack, ensuring continued access.
Security blogger Brian Krebs wrote about how the botnet was recently tweaked so that infected computers would participate in so-called click fraud, “the practice of fraudulently generating clicks on ads without any intention of fruitfully interacting with the advertiser’s site.” That activity costs online advertisers as much as $2.7 million a month—so while the security and privacy of Microsoft Windows users are certainly compromised, ZeroAccess is bad for business across the board.
Working closely with the FBI, the cybercrime divisions of Europol and several European countries, and other industry players including A10 Networks—a sure indication of the increasingly cozy relationship between government and private tech, at least where their interests align—Microsoft filed a civil suit against eight individuals believed to be operating the ZeroAccess botnet. The company was also authorized “to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes,” according to Europol.
So far, it’s been hard to gauge the impact of these moves, and it’s not as though the infected computers will be suddenly “cured.” As Krebs explained, the damage was done to “servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers.” That may significantly slow the spread of malware; stopping it altogether would be a more difficult matter.
The problem, according to Dell SecureWorks researcher Brett Stone-Gross, who has studied the resilience of malicious botnets in detail, is that ZeroAccess and similar networks are built to withstand such a blow. Because its peer-to-peer architecture has no single point of failure, the loss of some nodes leaves the rest of the botnet active, and the operators can release a new plugin “to restart their click fraud and search engine hijacking activities,” he said.
Indeed, in response to the disruption the criminals swiftly uploaded a template identified as “zooclicker” to the millions of still-infected PCs and got their click-fraud scheme humming again—but it didn’t last, and the servers went down soon after. The next configuration files to appear carried the text “WHITE FLAG,” though there’s no telling if the surrender is permanent or even a simple feint. One gets the feeling, rather, that this war has just begun.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'