To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
.
Leo
Newton
Brights
Milds

ZeroAccess botnet

From Wikipedia, the free encyclopedia

ZeroAccess is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine from a botnet while remaining hidden using rootkit techniques.[1]

YouTube Encyclopedic

  • 1/5
    Views:
    311
    712
    715
    21 096
    1 684
  • ZeroAccess/Sirefef gupdate service - Experiment 1
  • 29C3: The future of protocol reversing and simulation applied on ZeroAccess botnet (EN)
  • Dissecting the ZeroAccess/Sirefef Botnet - AT&T ThreatTraq
  • ZeroAccess rootkit kills security software
  • HitmanPro removes ZeroAccess (aka Sirefef) - 64-bit

Transcription

History and propagation

The ZeroAccess botnet was discovered at least around May 2011.[2] The ZeroAccess rootkit responsible for the botnet's spread is estimated to have been present on at least 9 million systems.[3] Estimates botnet size vary across sources; antivirus vendor Sophos estimated the botnet size at around 1 million active and infected machines in the third quarter of 2012, and security firm Kindsight estimated 2.2 million infected and active systems.[4][5]

The bot itself is spread through the ZeroAccess rootkit through a variety of attack vectors. One attack vector is a form of social engineering, where a user is persuaded to execute malicious code either by disguising it as a legitimate file, or including it hidden as an additional payload in an executable that announces itself as, for example, bypassing copyright protection (a keygen). A second attack vector utilizes an advertising network in order to have the user click on an advertisement that redirects them to a site hosting the malicious software itself. Finally, a third infection vector used is an affiliate scheme where third-party persons are paid for installing the rootkit on a system.[6][7]

In December 2013 a coalition led by Microsoft moved to destroy the command and control network for the botnet. The attack was ineffective though because not all C&C were seized, and its peer-to-peer command and control component was unaffected - meaning the botnet could still be updated at will.[8]

Operation

Once a system has been infected with the ZeroAccess rootkit it will start one of the two main botnet operations: bitcoin mining or click fraud. Machines involved in bitcoin mining generate bitcoins for their controller, the estimated worth of which was 2.7 million US dollars per year in September 2012.[9] The machines used for click fraud simulate clicks on website advertisements paid for on a pay per click basis. The estimated profit for this activity may be as high as 100,000 US dollars per day,[10][11] costing advertisers $900,000 a day in fraudulent clicks.[12] Typically, ZeroAccess infects the Master Boot Record (MBR) of the infected machine. It may alternatively infect a random driver in C:\Windows\System32\Drivers giving it total control over the operating system.[citation needed] It also disables the Windows Security Center, Firewall, and Windows Defender from the operating system. ZeroAccess also hooks itself into the TCP/IP stack to help with the click fraud.

The software also looks for the Tidserv malware and removes it if it finds it.[1]

See also

References

  1. ^ a b "Risk Detected". www.broadcom.com.
  2. ^ "Monthly Malware Statistics, May 2011". securelist.com.
  3. ^ Wyke, James (19 September 2012). "Over 9 million PCs infected – ZeroAccess botnet uncovered". Sophos. Retrieved 27 December 2012.
  4. ^ Jackson Higgins, Kelly (30 October 2012). "ZeroAccess Botnet Surges". Dark Reading. Archived from the original on 3 December 2012. Retrieved 27 December 2012.
  5. ^ Kumar, Mohit (19 September 2012). "9 million PCs infected with ZeroAccess botnet". The Hacker News. Retrieved 27 December 2012.
  6. ^ Wyke, James (4 April 2012). "The ZeroAccess rootkit". Sophos. p. 2. Retrieved 27 December 2012.
  7. ^ Mimoso, Michael (30 October 2012). "ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining". ThreatPost. Archived from the original on 3 December 2012. Retrieved 27 December 2012.
  8. ^ Gallagher, Sean (6 December 2013). "Microsoft disrupts botnet that generated $2.7M per month for operators". Ars Technica. Retrieved 9 December 2013.
  9. ^ Wyke, James. "The ZeroAccess Botnet: Mining and Fraud for Massive Financial Gain" (PDF). Sophos. pp. (Page 45). Retrieved 27 December 2012.
  10. ^ Leyden, John (24 September 2012). "Crooks can milk '$100k a day' from 1-million-zombie ZeroAccess army". The Register. Retrieved 27 December 2012.
  11. ^ Ragan, Steve (31 October 2012). "Millions of Home Networks Infected by ZeroAccess Botnet". SecurityWeek. Retrieved 27 December 2012.
  12. ^ Dunn, John E. (2 November 2012). "ZeroAccess bot has infected 2 million consumers, firm calculates". Techworld. Retrieved 27 December 2012.

External links

This page was last edited on 27 March 2023, at 04:58
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.