A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks.
A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy. Since no central C&C server exists, you cannot simply disable a set of attacker servers to neuter the botnet.
Whenever a computer becomes infected with ZeroAccess, it first reaches out to a number of its peers to exchange details about other peers in its known P2P network. This way, bots become aware of other peers and can propagate instructions and files throughout the network quickly and efficiently.
In the ZeroAccess botnet, there is constant communication between peers. Each peer continuously connects with other peers to exchange peer lists and check for updated files, which makes the botnet highly resistant to any take-down attempts.
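The constant peer-list exchange described above leaves a pattern a defender can look for in flow logs: one internal host contacting many distinct external peers on the same port, window after window. The following is an added example, not part of the original article or any Symantec tooling; the flow-record layout, address range, port numbers and thresholds are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")    # assumption: monitored address space
COMMON_PORTS = {53, 80, 123, 443}      # assumption: client/server services to ignore
WINDOW = 300                           # assumption: window length in seconds
MIN_PEERS = 8                          # assumption: distinct peers per window
MIN_WINDOWS = 3                        # assumption: windows that must repeat the pattern


def find_p2p_suspects(flows):
    """Return {(host, proto, port): [window, ...]} for persistent high fan-out.

    flows: iterable of (epoch_seconds, src_ip, dst_ip, proto, dst_port).
    """
    peers = defaultdict(set)  # (host, proto, port, window) -> external peers
    for ts, src, dst, proto, port in flows:
        if port in COMMON_PORTS:
            continue
        if ip_address(src) not in INTERNAL or ip_address(dst) in INTERNAL:
            continue  # keep only internal -> external traffic
        peers[(src, proto, port, int(ts) // WINDOW)].add(dst)

    busy = defaultdict(list)
    for (host, proto, port, window), seen in peers.items():
        if len(seen) >= MIN_PEERS:
            busy[(host, proto, port)].append(window)
    # A single burst is not enough; the fan-out has to keep recurring.
    return {k: sorted(w) for k, w in busy.items() if len(w) >= MIN_WINDOWS}


def sample_flows():
    """Constructed flow records, not captured traffic."""
    flows = []
    for w in range(4):                 # 10.0.0.5: 10 new peers in each of 4 windows
        for i in range(10):
            flows.append((w * WINDOW + i * 20, "10.0.0.5",
                          f"198.51.100.{w * 10 + i + 1}", "udp", 40000))
    for i in range(60):                # 10.0.0.7: DNS lookups to two resolvers
        flows.append((i * 20, "10.0.0.7", f"192.0.2.{1 + i % 2}", "udp", 53))
    for i in range(10):                # 10.0.0.9: one short burst, never repeated
        flows.append((i * 5, "10.0.0.9", f"203.0.113.{i + 1}", "tcp", 6000))
    return flows


if __name__ == "__main__":
    for key, windows in find_p2p_suspects(sample_flows()).items():
        print(key, "windows:", windows)
```

Legitimate peer-to-peer software produces the same shape, so a hit is a lead for host triage rather than a verdict.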
However, Symantec has been working together with Internet service providers and CERTs worldwide to share information and help get infected computers cleaned. The firm has also created an infographic that summarises the key facts and figures about the ZeroAccess Trojan.