Microsoft partners with FBI to take down nefarious botnet
When it came to its own bottom line, the tech giant got in bed with the government.
Microsoft didn’t wait long after unveiling its state-of-the-art cybercrime center to make a calculated strike against online scam artists. The new facility, based on the company campus in Redmond, Wash., is already collaborating with law enforcement agencies worldwide to disrupt the sprawling and insidious ZeroAccess botnet—which not incidentally represents a grave threat to Microsoft customers and the tech giant itself.
ZeroAccess, sometimes identified as max++ or Sirefef, has harnessed the processing power of as many as 2.2 million enslaved PCs to carry out Bitcoin mining operations and other moneymaking schemes. Victims are tricked, in a variety of ways, into downloading a Trojan rootkit, which not only allows for further infiltration of a device but cleverly conceals any evidence of a malware attack, ensuring continued access.
Security blogger Brian Krebs wrote about how the botnet was recently tweaked so that infected computers would participate in so-called click fraud, “the practice of fraudulently generating clicks on ads without any intention of fruitfully interacting with the advertiser’s site.” That activity costs online advertisers as much as $2.7 million a month—so while the security and privacy of Microsoft Windows users are certainly compromised, ZeroAccess is bad for business across the board.
Working closely with the FBI, the cybercrime divisions of Europol and several European countries, and other industry players including A10 Networks—a sure indication of the increasingly cozy relationship between government and private tech, at least where their interests align—Microsoft filed a civil suit against eight individuals believed to be operating the ZeroAccess botnet. The company was also authorized “to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes,” according to Europol.
So far, it’s been hard to gauge the impact of these moves, and it’s not as though the infected computers will be suddenly “cured.” As Krebs explained, the damage was done to “servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers.” That may significantly slow the spread of malware; stopping it altogether would be a more difficult matter.
The problem, according to Dell SecureWorks researcher Brett Stone-Gross, who has studied the resilience of malicious botnets in detail, is that ZeroAccess and similar entities are built to withstand such a blow. With a peer-to-peer network that scraps any point of failure to keep the rest of the botnet active, the operators can release a new plugin “to restart their click fraud and search engine hijacking activities,” he said.
Indeed, in response to the disruption the criminals swiftly uploaded a template identified as “zooclicker” to the millions of still-infected PCs and got their click-fraud scheme humming again—but it didn’t last, and the servers went down soon after. The next configuration files to appear carried the text “WHITE FLAG,” though there’s no telling if the surrender is permanent or even a simple feint. One gets the feeling, rather, that this war has just begun.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He’s the author of two odd books of fiction, ‘Ivyland’ and ‘True False.’