
Symantec liberates half a million computers from ZeroAccess Botnet


6 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:17 AM

Posted 01 October 2013 - 09:05 AM

Symantec announced yesterday in a new blog article that they used a weakness in the ZeroAccess botnet to liberate over half a million computers. Exploiting this weakness allowed Symantec to drop these infected computers from the botnet so that they no longer received and ran commands issued by the ZeroAccess developers.

Back in March, Symantec began analyzing a weakness in ZeroAccess that would allow them to sinkhole infected computers from the botnet. ZeroAccess communicates with its infected computers through the use of a peer-to-peer command and control system. When ZeroAccess-infected computers are sinkholed, they are cut off from this command & control center so that they are no longer able to receive commands and execute them. Though these computers are still infected, they will no longer run further services for the malware developer such as Bitcoin mining, which consumes large amounts of CPU power and electricity.

On June 29th, Symantec discovered that a new update was being pushed out for ZA that would potentially patch this known weakness. With this knowledge, Symantec acted quickly before they lost their chance and were able to sinkhole over half a million computers. This operation has had a serious impact on the ZeroAccess organization and is estimated to have cut their revenue significantly.




#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:17 AM

Posted 01 October 2013 - 12:47 PM

Nice to see a 'win' for the good guys.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:17 PM

Posted 02 October 2013 - 05:20 AM

Good news. :)


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 systemsol

systemsol

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 02 October 2013 - 07:06 AM

Interesting read here!

 

http://www.coindesk.com/zeroaccess-botnet-stopped-bitcoin-mining/



#5 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 03 October 2013 - 08:30 AM

Nice!
I also found a nice paper, from Trend Micro, on what "sinkholing" is. I had never heard of this term until now.

 



#6 diaz209

diaz209

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Jamaica
  • Local time:06:17 AM

Posted 06 October 2013 - 07:31 PM

One more for the good guys.


Edited by diaz209, 06 October 2013 - 07:32 PM.


#7 Black Scorpion

Black Scorpion

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 08 October 2013 - 02:10 AM

Happy to hear something good.



