Notorious botnet infecting 2 million computers disrupted

05 December 2013
Press Release
Press Release/News

This News/Press release is about Economic Crime

View all crime areas

A rampant botnet has been successfully disrupted in a transatlantic operation involving Europol’s European Cybercrime Centre (EC3) and law enforcement cybercrime units from Germany, Latvia, Luxembourg, Switzerland and the Netherlands as well as Europol’s European Cybercrime Centre (EC3). Furthermore the operation was supported by Microsoft Corporation’s Digital Crimes Unit and other technology industry partners.

The targeted botnet, known as Zeroaccess, is responsible for infecting over 2 million computers worldwide, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers US$ 2.7 million each month. Today’s action is expected to have significantly disrupted the botnet’s operation, increasing the cost and risk for the cybercriminals to continue doing business and freeing victims’ computers from the malware. The botnet worked as a Trojan horse affecting Windows operating systems so that malware could be downloaded.

Microsoft filed a civil suit against the cybercriminals operating the Zeroaccess botnet, and received authorisation to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. Due to Germany’s initiative Europol’s European Cybercrime Centre (EC3) coordinated a multi-jurisdictional criminal action targeting 18 IP addresses located in Europe. Thanks to the efforts of EC3 and the involved agencies search warrants and seizures on computer servers associated with the fraudulent IP addresses were executed in several of the involved countries.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organisations and networks behind these dangerous botnets that use malicious software to gain illicit profits. EC3 added its expertise, ICT infrastructure and analytic capability, as well as providing the platform for high-level cooperation between cybercrime units in five European countries and Microsoft,” says Troels Oerting, Head of the European Cybercrime Centre (EC3). 

Due to its botnet architecture, Zeroaccess has been considered one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure which allows cybercriminals to remotely control the botnet from tens of thousands of different computers. Zeroaccess is used to commit a slew of crimes including search hijacking, which ‘hijacks’ people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. Zeroaccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated web traffic and other criminal activity.

The operation has been part of an extensive cooperative effort between international law enforcement and industry partners to dismantle cybercriminal networks, ensuring that people worldwide can use their computing devices and services with confidence, and demonstrates the value that coordinated operations have against cybercriminal enterprises.

The European Cybercrime Centre (EC3) is established to assist with high level coordination - and act as a Centre of Excellence - between the 28 EU Member States’ cybercrime units, and stakeholders in countries like Australia, Canada, Norway, Switzerland, the US and others. The coordination task also includes a strong outreach programme in which important private industry partners are included in order to maximise the EC3’s ability to combat organised crime on the Internet. This work is done with full transparency and openness, utilising Europol’s strong data protection regime to its full extent. Data protection, privacy and trust are key elements in combating online crime.

The European Cybercrime Centre (EC3) also provides information on its website , to educate the public on how to protect themselves: