Earlier in the month, Microsoft took action to thwart the efforts of the Sirefef botnet, also known as ZeroAccess. Less than three weeks later, it seems as though the disruption caused by Microsoft working in conjunction with the FBI and Europol has borne fruit: the criminals who had been using the botnet to hijack search results appear to have just given up!
In a post on the Microsoft blog, Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit, explains that the aim of the initial action was not necessarily to wipe out the botnet, but to raise awareness and clean up computers that had become infected.
By monitoring the activity of ZeroAccess, it was possible to identify IP addresses that were being used. Europol’s European Cybercrime Centre and Germany’s Bundeskriminalamt’s Cyber Intelligence Unit worked to track down these new addresses.
Realizing that the net was closing in, the criminals apparently surrendered, sending out a message saying “WHITE FLAG” to infected computers. Boscovich said:
“We believe [this] symbolizes that the criminals have decided to surrender control of the botnet. Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.”