Botnets are big business for cyber criminals, and it’s always a game of cat-and-mouse to shut them down. But Microsoft has pulled off a rather impressive win, ending the reign of a giant botnet virus that had infected over 2 million computers around the world.
To kill the ZeroAccess botnet, Microsoft worked with legal teams around the world to shut off access to the IP addresses the virus was using, and shut down some of the servers the gang was running the code on. Now Microsoft says the trick has worked better than expected, and the gang behind ZeroAccess has given up entirely.
ZeroAccess was said to be defrauding online advertising partners of about $2.7 million in revenues every month it was active, which explains why Microsoft made such a deliberate attempt to defeat the virus. But due to the distributed nature of the Internet, it couldn’t be sure it had entirely eradicated the virus at first, and because ZeroAccess was sophisticated enough a virus to be remote-updated, it was always possible it could come to life again. But a recent update to the code has included the text “WHITE FLAG,” which security experts are taking as a sign of surrender. And since then there’s been no observed “herding” of the botnet code, the criminals seem to have actually abandoned the virus.