Back in March, Symantec began analyzing a weakness in ZeroAccess that would allow them to sinkhole infected computers, detaching them from the botnet. ZeroAccess communicates with its infected computers through a peer-to-peer command-and-control system. When ZeroAccess-infected computers are sinkholed, they are cut off from this command-and-control system, so they can no longer receive and execute commands. Though these computers are still infected, they will no longer run further services for the malware developer, such as Bitcoin mining, which consumes large amounts of CPU power and electricity.
On June 29th, Symantec discovered that a new update was being pushed out for ZeroAccess that would potentially patch this known weakness. With this knowledge, Symantec acted quickly before they lost their chance and were able to sinkhole over half a million computers. This operation has had a serious impact on the ZeroAccess organization and is estimated to have cut their revenue significantly.