Sunday, 28 May, 2023
IT Security Guru

Partial sinkholing of ZeroAccess botnet frees around half a million compromised endpoints

by The Gurus
September 10, 2020
in Editor's News

Sinkholing of the ZeroAccess botnet, which controls around two million endpoints, has begun, with around a quarter of its connections removed.

After finding a weakness that offered a complicated method to sinkhole the botnet, Symantec researchers were able to detach over half a million PCs in only five minutes.

Symantec spotted the flaw in an update to the botnet's peer-to-peer command and control (C&C) architecture. That architecture is a key feature of ZeroAccess: because the botnet does not have a central server, it is harder to sinkhole and bring under lawful control.

Upon infection, the Trojan opens a back door and connects to a C&C server, which allows the remote attacker access to the compromised computer. The attacker is then able to perform any number of actions on the computer.

According to Symantec, ZeroAccess bots become aware of other peers and can propagate instructions and files throughout the network quickly and efficiently with constant communication between peers. ZeroAccess ensures that each peer continuously connects with other peers to exchange peer lists and check for updated files, making it highly resistant to any take-down attempts.

Its main activities include Bitcoin mining and distribution of a click-fraud Trojan, which downloads online advertisements and generates artificial clicks on the ads to collect payouts from pay-per-click affiliate schemes.

Symantec previously rated ZeroAccess with a “high” wild level, “medium” damage level and “easy” threat containment. Now, it is working with ISPs and global CERTs to share information and help get infected computers cleaned.

Alan Neville, threat intelligence analyst at Symantec, said: “By sinkholing this botnet Symantec has taken the first step in neutralising this threat by removing control from the attackers. Symantec is now sharing information about infected bots with ISPs and CERTs who can assist in cleaning up infected machines. A number of these are still under the botmaster’s control, however, network owners are being provided with information which will assist them in remediating these computers.

“With regards to the remaining 50 per cent of the botnet, Symantec is sharing reliable network signatures which could be used by network operators to identify clients that are infected with ZeroAccess and we are continuing to research how to impact the upgraded part of ZeroAccess infections.”