Another massive botnet has been disrupted by Microsoft, which involves about 2 million machines all over the globe. This is the largest takedown of the Redmond-Washington based company in three years after it stepped up its battle against organized online criminals. A lawsuit was filed by the company in Texas and a judge’s order had been won that directed internet service providers to block all traffic to about 18 internet addresses, which had been utilized directly for conducting fraudulent activity on the infected machines. In many European countries, law enforcement served warrants at the same time and servers that had been expected to have evidence regarding the leaders of the ZeroAccess crime ring, an organization focused on ‘click fraud’, were seized.

Advertisers are cheated on search engines by such schemes and this includes Microsoft’s Bing. They make advertisers pay for such interactions that have no possibility whatsoever to lead to sales. According to Microsoft, this botnet had been costing advertisers on Yahoo, Bing and Google and the monthly cost estimate was somewhere around $2.7 million. The eighth time is marked by this coordinated effort of Microsoft when it made a move against the botnet and it is a very rare situation because the company would be doing serious damage to a botnet that’s controlled by a peer-to-peer mechanism.

In this particular mechanism, instructions are given by machines to each other instead of depending on a central server, which can be hunted down and disabled by defenders. Richard Boscovich, the Assistant General Counsel of Microsoft said that the botnet had been designed to be resilient to any efforts of disruptions and had enabled cyber criminals to control it remotely from thousands of computers because it was based on a peer-to-peer infrastructure. However, there still had been a weakness in the ZeroAccess botnet; the infected machines were instructed by their code to reach out to one of the 18 numeric IP addresses for details regarding the ads that were to be clicked.

Recently, a new Cybercrime Center had been opened by Microsoft in Redmond where new tools are being used for combating against Cybercrime. A provision in trademark provides them with assistance because it enables pretrial seizure of any suspected counterfeit goods, which includes websites such as that included in this case that are spreading and promoting tainted and corrupted versions of the Internet Explorer browser. Microsoft is cooperating fully with the national security authorities in different countries and also with internet service providers in order to inform the individual computer owners that their machines have been infected.

They hope to reach the victims before the fraudsters have the opportunity of sending new instructions. Evidence is being shared by Microsoft with Europol and the FBI, which are the law enforcement coordinating services of the continent. Seizure actions in Switzerland, Germany, Lavita, Netherlands and Luxembourg were conducted by national agencies as well. According to Boscovich, the fraudulent actions of this group have been curtailed for now and it is believed that the operators currently reside in Russia.

comments