ZeroAccess Hits Victims with High Bandwidth Consumption

Thursday, July 19, 2012



Security provider Kindsight has released its latest Security Labs Malware Report for Q2 2012.

The report examines trends for malware infections targeting home networks, mobile devices and systems which are connected through mobile adapters, and provides a snapshot of malicious communications traffic.

Of note in the report is the high level of infections detected for the ZeroAccess rootkit, a trojan that acts as a gateway for the delivery of other malware. ZeroAccess is quite sophisticated, very difficult to detect, and nearly impossible to remove without damaging the infected operating system.

“In recent months, we’ve seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally,” said Kindsight's Kevin McNamee.

The researchers observed that ZeroAccess, which makes the infected unit part of a vast peer-to-peer botnet, was utilizing a great deal of its victim's bandwidth for its operations and was being employed in click fraud campaigns.

“The concern with ZeroAccess is that it is using the subscriber’s bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks,” McNamee said.

ZeroAccess has been spread through bogus scareware tactics that use pop-up alerts to coax unwitting internet users to download the malicious code by offering to conduct a free security scan of the victim's computer, among other propagation ploys.

The report also notes a dramatic increase in Android malware infections over the last few months, and provides further findings on the Flashback infection rates Mac users experienced.

Highlights of the report include:

  • The ZeroAccess botnet infected computers in nearly one of every 100 homes, which connect to more than 1.2 million computers globally (10 percent in the U.S.), resulting in ad click fraud and malicious bandwidth usage.
  • Approximately 14 percent of home networks were infected with malware in Q2 with the number of high-level threats, such as bots, Trojans and backdoors, increasing 50 percent.
  • Flashback infected 10 percent of the homes with at least one Mac computer during the month of April, leading the Kindsight Security Labs top 20 lists for four weeks in a row.
  • Approximately one out of every 140 devices on mobile networks was infected, mainly Android phones and laptops connected to mobile networks.
  • Android malware samples increased by 300 percent over the past three months.

The report also found that ten percent of computers initially infected with DNSChanger had not been remediated prior to the deadline, at which time the clean servers provided as a safety net were taken offline.

The full report may be accessed here.

