The ZeroAccess Botnet Visualized on Google Earth

Source: F-Secure | 26 comments

F-Secure has posted an impressive map of the ZeroAccess botnet as it spreads across North America and Europe.

According to the security firm, ZeroAccess has infected millions of computers globally; the KML files for Google Earth currently show only 139,447 bot locations, as seen in the two provided screenshots. F-Secure is providing the KML as well as CSV files for download.

ZeroAccess is a fast-spreading botnet based on a kernel-mode rootkit that runs on 32-bit and 64-bit Windows systems and acts as a delivery platform for other malware. The main infection technique is tricking users on social platforms into running an executable file, often under the promise of free software. Sophos published a detailed description of ZeroAccess and the way it works.
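The map described above is built from per-bot geolocation records exported as KML for Google Earth. The following is an added example, not F-Secure's code or data: it takes a constructed CSV of bot sightings (the column layout `latitude,longitude,country` is an assumption, since the page does not show F-Secure's format), drops malformed rows, tallies sightings per country, and emits a KML document with one Placemark per sighting.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample data in the assumed layout. The last two rows are
# deliberately bad (non-numeric latitude, latitude out of range) to show
# that a real export must be validated before it is plotted.
SAMPLE_CSV = """latitude,longitude,country
40.7128,-74.0060,US
40.7130,-74.0050,US
34.0522,-118.2437,US
52.5200,13.4050,DE
55.7558,37.6173,RU
not-a-number,10.0,XX
95.0,10.0,XX
"""

KML_NS = "http://www.opengis.net/kml/2.2"


def load_sightings(text):
    """Parse the assumed CSV layout into (lat, lon, country) tuples, skipping rows
    that are not valid WGS84 coordinates."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        try:
            lat, lon = float(rec["latitude"]), float(rec["longitude"])
        except (KeyError, ValueError):
            continue
        if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
            continue
        rows.append((lat, lon, rec.get("country", "")))
    return rows


def count_by_country(sightings):
    """Tally sightings per country code, e.g. {'US': 3, 'DE': 1, 'RU': 1}."""
    counts = {}
    for _, _, cc in sightings:
        counts[cc] = counts.get(cc, 0) + 1
    return counts


def to_kml(sightings):
    """Emit a KML document with one Placemark per sighting.
    Note that KML coordinates are written as lon,lat,alt, not lat,lon."""
    kml = ET.Element(f"{{{KML_NS}}}kml")
    doc = ET.SubElement(kml, f"{{{KML_NS}}}Document")
    for i, (lat, lon, cc) in enumerate(sightings):
        pm = ET.SubElement(doc, f"{{{KML_NS}}}Placemark")
        ET.SubElement(pm, f"{{{KML_NS}}}name").text = f"bot {i} ({cc})"
        point = ET.SubElement(pm, f"{{{KML_NS}}}Point")
        ET.SubElement(point, f"{{{KML_NS}}}coordinates").text = f"{lon},{lat},0"
    return ET.tostring(kml, encoding="unicode", default_namespace=KML_NS)


if __name__ == "__main__":
    sightings = load_sightings(SAMPLE_CSV)
    print(count_by_country(sightings))
    print(to_kml(sightings))
```

Open the printed document saved as a `.kml` file in Google Earth to get the same kind of point map the article shows.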


Comments
  • 25
    Wamphryi, September 30, 2012 10:05 AM
    It would be helpful if the article contained information on how to determine infection and, in the event of infection, what to do about it.
  • 20
    guru_urug, September 30, 2012 10:30 AM
    I must not be the only one who looked at those images and thought "SkyNet!"
  • 5
    luciferano, September 30, 2012 10:31 AM
    Botnet this, botnet that... They seem very popular with the bad hackers lately.
  • 7
    Pennanen, September 30, 2012 10:32 AM
    Quoting guru_urug: I must not be the only one who looked at those images and thought "SkyNet!"

    First thing that came to my mind was Google Chrome.
  • 22
    Gundam288, September 30, 2012 10:47 AM
    Quoting luciferano: Botnet this, botnet that... They seem very popular with the bad hackers lately.

    You know what they say, only the bad ones get caught.

    Quote:
    The main infection technique is tricking users on social platforms into running an executable file

    And I still remember when someone was convinced to delete his system32 folder to increase his FPS in Counter-Strike....

    Are people getting smarter or dumber? I wonder sometimes...
  • 8
    A Bad Day, September 30, 2012 1:06 PM
    Quoting gundam288: And I still remember when someone was convinced to delete his system32 folder to increase his FPS in Counter-Strike.... Are people getting smarter or dumber? I wonder sometimes...

    One of my friends compressed his boot folder, or deleted it.

    His computer didn't boot again...

    (If people had as much trouble with books as computers back in the medieval era): http://www.youtube.com/watch?feature=player_embedded&v=pQHX-SjgQvQ
  • 5
    A Bad Day, September 30, 2012 1:38 PM
    EDIT: I also forgot to mention,

    There's always an equilibrium of stupidity, from Harvard professors to CEOs to average Joes.
  • 4
    thezooloomaster, September 30, 2012 2:05 PM
    Quoting Wamphryi: It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.

    "Bleeping Computer" is one of the best places to go for that. Getting rid of malware is rarely easy.
  • 4
    alidan, September 30, 2012 2:36 PM
    Quoting Wamphryi: It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.

    If it's based on a rootkit then there is basically no way for the average computer user to figure it out.
    Granted, using an up-to-date Linux boot CD made specifically for the purpose of diagnostics may be able to figure this crap out; I don't remember its name but I know there was one a while ago that I had on a CD just in case.
  • 3
    luciferano, September 30, 2012 3:06 PM
    Quoting alidan: If it's based on a rootkit then there is basically no way for the average computer user to figure it out. Granted, using an up-to-date Linux boot CD made specifically for the purpose of diagnostics may be able to figure this crap out; I don't remember its name but I know there was one a while ago that I had on a CD just in case.

    There are several Linux boot disks that can do that.
  • -1
    TechEnt, September 30, 2012 4:24 PM
    Quote:
    The main infection technique is tricking users on social platforms into running an executable file, often under the promise of free software.

    So, you provide a link to a PDF which is an executable file. How do I know you didn't just get conned into spreading the infection? I now have to Google it.

    Thank you for the article, but please go the extra step when it comes to security articles and the resources you refer to. At least personally vet them and indicate as much. That way your name is on the line if you didn't vet.
  • 1
    TechEnt, September 30, 2012 4:27 PM
    Granted, your name is on the line anyway because you published the article.
  • 11
    dr1337, September 30, 2012 4:58 PM
    "But it said that I was a winner so I had to click on it"
  • 3
    nebun, September 30, 2012 5:27 PM
    Here is the key word: "social platforms"... Sounds to me that maybe someone within these so-called social networks created the malware. Who knows, maybe it was the FBI, lol
  • 1
    master_chen, September 30, 2012 5:57 PM
    Russia stands strong. Good.
  • 3
    echondo, September 30, 2012 6:24 PM
    Seems to be infecting most of the East Coast in the U.S. and Canada.

    Weird, I thought we were more stupid in California lol.
  • 0
    memadmax, September 30, 2012 6:44 PM
    I ran into something like this yesterday.
    WF with NS and ABer stopped it cold in its tracks.
    I knew that what I was doing was a no-no, but I was curious to see what was going on and if I was protected or not.
  • 0
    luciferano, September 30, 2012 6:54 PM
    Quoting echondo: Seems to be infecting most of the East Coast in the U.S. and Canada. Weird, I thought we were more stupid in California lol.

    There are probably more than twice as many people in the central and eastern areas of the USA than in the western areas of the USA. I'd think that this has a significant impact on the East Coast's greater amount of infections.
  • 2
    A Bad Day, September 30, 2012 10:37 PM
    Quoting echondo: Seems to be infecting most of the East Coast in the U.S. and Canada. Weird, I thought we were more stupid in California lol.

    If you compared the infection map with a population density map, they would look similar...
  • 3
    gabriel_g, October 1, 2012 12:12 AM
    The ZeroAccess rootkit most of the time deletes the following Windows services: Base Filtering Service, Windows Firewall Service, Windows Defender Service and Security Center Service. If you check Control Panel > Administrative Tools > Services and you are missing those four services, you probably have it.