Microsoft said late Thursday that it executed a concerted action with Europol against the servers and domains controlled by the Sirefef or ZeroAccess botnet.
The botnet, responsible for hijacking about 2 million PCs and using them for clickjacking and search fraud, was recently crippled by Symantec, which discovered a way to retake control of about a quarter of the infected PCs. More than 800,000 ZeroAccess-infected PCs were active and connected at any given time, research by UC San Diego showed. Although the botnet is expected to remain active, Microsoft said that it had “significantly disrupted” it.
Last week, Microsoft filed a civil suit against the cybercriminals operating the ZeroAccess botnet and won the right to essentially cut off the infected PCs within the United States from communicating with 18 IP addresses identified as command-and-control servers that the botnet’s creators operated. At the same time, Microsoft took over 49 domains associated with ZeroAccess, with assistance from A10 Networks. Europol, for its part, worked with Latvia, Luxembourg, Switzerland, the Netherlands, and Germany to serve warrants on the servers associated with the 18 IP addresses.
“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, in a statement. “Microsoft is committed to working collaboratively—with our customers, partners, academic experts and law enforcement—to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”