20 Dec 2013

ZeroAccess Botnet Abandoned, Microsoft Says

The ZeroAccess botnet was abandoned by its creators after Microsoft took legal action against them, according to Microsoft’s Blog

Two weeks ago, Microsoft filed a legal case against the ZeroAccess creators to allow law enforcement to track new IP addresses used by the cyber-criminals.

Shortly after, the cyber-criminals sent an update to the ZeroAccess botnet with a “WHITE FLAG” message.

The message apparently “symbolizes that the criminals have decided to surrender control of the botnet,” said Richard Domingues Boscovich, Microsoft’s Digital Crimes Unit, Assistant General Counsel. “Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.”

Even if the ZeroAccess botnet has received no update and is no longer used for fraud, it has still spread to some 2 million infected users.