The ZeroAccess Botnet Visualized on Google Earth

By Wolfgang Gruener
published

F-Secure has posted an impressive map of the ZeroAccess botnet as it spreads across North America and Europe.

According to the security firm, ZeroAccess has infected millions of computers globally and the KML files for Google earth currently show only 139,447 bot locations in the two provided screenshots. F-Secure is providing the KML as well as CSV files for download.

ZeroAccess is a fast spreading botnet that is based on a kernel-mode rootkit that runs on 32-bit and 64-bit Windows systems and acts as a delivery platform for other malware. The main infection technique is to tricking users on social platforms into running an executable file, often under the promise of free software. Sophos published a detailed description of ZeroAccess and the way it works.

Contact Us for News Tips, Corrections and Feedback

Wolfgang Gruener
26 Comments Comment from the forums
  • Wamphryi
    It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.
    Reply
  • guru_urug
    I must not be the only one who looked at those images and thought "SkyNet!"
    Reply
  • luciferano
    Botnet this, botnet that... They seem very popular with the bad hackers lately.
    Reply
  • Pennanen
    guru_urugI must not be the only one who looked at those images and thought "SkyNet!"First thing that came to my mind was google chrome.
    Reply
  • Gundam288
    luciferanoBotnet this, botnet that... They seem very popular with the bad hackers lately.You know what they say, only the bad ones get caught.


    The main infection technique is to tricking users on social platforms into running an executable file

    And I still remember when some one was convinced to delete his system32 folder to increase his FPS in Counter-Strike....

    Are people getting smarter or dumber? I wonder sometimes...
    Reply
  • A Bad Day
    gundam288And I still remember when some one was convinced to delete his system32 folder to increase his FPS in Counter-Strike....Are people getting smarter or dumber? I wonder sometimes...
    One of my friends compressed his boot folder, or deleted it.

    His computer didn't boot again...

    (If people had as much trouble with books as computers back in the medieval era): http://www.youtube.com/watch?feature=player_embedded&v=pQHX-SjgQvQ
    Reply
  • A Bad Day
    EDIT: I also forgot to mention,

    There's always an equilibrium of stupidity, from Harvard professors to CEOs to average joes.
    Reply
  • thezooloomaster
    WamphryiIt would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.
    The "Bleeping Computer" are one of the best places to go for that. Getting rid of malware is rarely easy.
    Reply
  • alidan
    WamphryiIt would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.
    if its based on a root kit than there is basicly no way for the average computer user to figure it out.
    granted, using an up to date linux cd boot made specifically for the purposes of diagnostics may be able to figure this crap out, i dont remember its name but i know there was one a while ago that i had on a cd as an in case.
    Reply
  • luciferano
    alidanif its based on a root kit than there is basicly no way for the average computer user to figure it out.granted, using an up to date linux cd boot made specifically for the purposes of diagnostics may be able to figure this crap out, i dont remember its name but i know there was one a while ago that i had on a cd as an in case.
    There are several Linux boot disks that can do that.
    Reply