Microsoft Helps FBI to Attack Click-Stealing ZeroAccess Malware

Microsoft Corp.’s digital crime unit has teamed up with the U.S. Federal Bureau of Investigation and its European counterpart to fight software that infected more than 2 million computers to steal revenue from online advertisers.

They’re working to track down computers that have been taken over with the malicious software known as ZeroAccess or Sirefef, and get rid of the malware, Microsoft said in a statement. While the effort won’t eliminate the threat, it should significantly reduce the fraud, which has cost online advertisers an estimated $2.7 million a month, the Redmond, Washington-based company said.

The “botnet,” a group of connected programs, is used to redirect queries in search engines owned by companies such as Google Inc., Yahoo! Inc. and Microsoft, to certain sites to steal money generated by ad clicks. It also creates automated Web traffic that simulates users’ clicks on ads, for which advertisers pay.

“Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts,” Microsoft said in the statement. The malware relies “on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers.”

EU Action

Microsoft filed a civil suit against those operating ZeroAccess last week and got authorization from the U.S. District Court for the Western District of Texas to block communications between computers that had been identified as being used to commit the schemes. Microsoft also took control of 49 web domains thought to be affiliated with ZeroAccess.

In coordinated action, Europol, the European Union’s law-enforcement agency, targeted 18 computer IP addresses in Europe, working with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures.

ZeroAccess was first identified in 2011, according to a report from computer security firm Symantec Corp., the biggest maker of computer-security software. Distributors of the “Trojan horse” malware, which hides itself in PCs, have also been known to download software onto computers to mine Bitcoins, a virtual currency, Symantec said on its website.
