The ZeroAccess Botnet Visualized on Google Earth

[citation][nom]guru_urug[/nom]I must not be the only one who looked at those images and thought "SkyNet!"[/citation]
First thing that came to my mind was google chrome.
 
[citation][nom]luciferano[/nom]Botnet this, botnet that... They seem very popular with the bad hackers lately.[/citation]
You know what they say, only the bad ones get caught.


The main infection technique is tricking users on social platforms into running an executable file

And I still remember when someone was convinced to delete his system32 folder to increase his FPS in Counter-Strike....

Are people getting smarter or dumber? I wonder sometimes...
 
[citation][nom]gundam288[/nom]And I still remember when someone was convinced to delete his system32 folder to increase his FPS in Counter-Strike.... Are people getting smarter or dumber? I wonder sometimes...[/citation]

One of my friends compressed his boot folder, or deleted it.

His computer didn't boot again...

(If people had as much trouble with books as computers back in the medieval era): http://www.youtube.com/watch?feature=player_embedded&v=pQHX-SjgQvQ
 
[citation][nom]Wamphryi[/nom]It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.[/citation]

"Bleeping Computer" is one of the best places to go for that. Getting rid of malware is rarely easy.
 
[citation][nom]Wamphryi[/nom]It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.[/citation]

If it's based on a rootkit, then there is basically no way for the average computer user to figure it out.
Granted, an up-to-date Linux boot CD made specifically for diagnostics may be able to figure this crap out; I don't remember its name, but I know there was one a while ago that I had on a CD just in case.
 
[citation][nom]alidan[/nom]If it's based on a rootkit, then there is basically no way for the average computer user to figure it out. Granted, an up-to-date Linux boot CD made specifically for diagnostics may be able to figure this crap out; I don't remember its name, but I know there was one a while ago that I had on a CD just in case.[/citation]

There are several Linux boot disks that can do that.
 
The main infection technique is tricking users on social platforms into running an executable file, often under the promise of free software.

So, you provide a link to a PDF which is an executable file. How do I know you didn't just get conned into spreading the infection? I now have to Google it.

Thank you for the article, but please go the extra step when it comes to security articles and the resources you refer to. At least personally vet them and indicate as such. That way your name is on the line if you didn't vet.
 
Here is the key word: "social platforms"... Sounds to me that maybe someone within these so-called social networks created the malware. Who knows, maybe it was the FBI, lol.
 
I ran into something like this yesterday.
WF with NS and ABer stopped it cold in its tracks.
I knew that what I was doing was a no no, but I was curious to see what was going on and if I was protected or not.
 
[citation][nom]echondo[/nom]Seems to be infecting most of the East coast in the U.S. and Canada. Weird, I thought we were more stupid in California lol.[/citation]

There are probably more than twice as many people in the central and eastern areas of the USA than in the western areas of the USA. I'd think that this has a significant impact on the East Coast's greater number of infections.
 
[citation][nom]echondo[/nom]Seems to be infecting most of the East coast in the U.S. and Canada. Weird, I thought we were more stupid in California lol.[/citation]

If you compared the infection map with a population density map, they would look similar...
 
The ZeroAccess Rootkit most of the time deletes the following Windows services: Base Filtering Service, Windows Firewall Service, Windows Defender Service and Security Center Service. If you check Control Panel > Administrative Tools > Services and you are missing those four services, you probably have it.
 
The ZeroAccess Rootkit is a real pain to get rid of. I tried removing the hard drive and using a clean computer to scan with Norton, AVG, Malwarebytes, TDSSKiller, etc. In the end reformatting was the only way I could win. There are ZeroAccess removal tools now.... not sure they really get rid of it... it really messes up the system... deactivates network access, deletes Microsoft Update Service, seems to create a hidden partition and operate from there.
 
[citation][nom]gundam288[/nom]Are people getting smarter or dumber? I wonder sometimes...[/citation]

Think the main reason is that today's computer is just plug in and surf without any prior knowledge at all; the computer has antivirus etc., so the users think they're safe and thus drive recklessly out and click everything they see. (Don't get me started about the general Apple user, because they blindly believe they're completely safe from anything, and I mean anything, because a commercial told them so.)

People getting more stupid? Don't think so, but definitely less educated about the dangers of their computer behaviors.
 
This is what I found on how it works, and what to add to your local hosts file to help prevent getting the trojan:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2

# Block of ZeroAccess BotNet
127.0.0.1 69.176.14.76
127.0.0.1 76.28.112.31
127.0.0.1 24.127.157.117
127.0.0.1 117.205.13.113
127.0.0.1 200.59.7.216
127.0.0.1 113.193.49.54
127.0.0.1 ntp2.usno.navy.mil
127.0.0.1 ntp.adc.am
127.0.0.1 chronos.cru.fr
127.0.0.1 wwv.nist.gov
127.0.0.1 clock.isc.org
127.0.0.1 time.windows.com
127.0.0.1 time2.one4vision.de
127.0.0.1 time.cerias.purdue.edu
127.0.0.1 clock.fihn.net
127.0.0.1 ntp.duckcorp.org
127.0.0.1 ntp.ucsd.edu
127.0.0.1 ntp1.arnes.si
127.0.0.1 ntp.crifo.org
127.0.0.1 tock.usask.ca

Here is also a tool to check to see if you have it and remove it:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99
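Two of the posts above give checks a user can run by hand: the missing-services test (Base Filtering, Windows Firewall, Windows Defender, Security Center) and the hosts-file block list. The script below, an added example that is not from the thread or from Symantec, automates both. It assumes the service inventory comes from `sc query type= service state= all` pasted in as text, and uses the Windows short names (BFE, MpsSvc, WinDefend, wscsvc) for the four services named in the post. It also makes one caveat explicit that the hosts-file post does not: a hosts file only affects name resolution, so lines like `127.0.0.1 69.176.14.76` can never match (malware that connects to an IP address directly does no lookup), while the host-name lines do redirect, and since most of those names are public NTP servers (time.windows.com is the Windows Time default), the redirect also silences any legitimate time sync on the machine. All sample inputs are constructed.

```python
"""Two quick checks for the ZeroAccess indicators discussed in the thread.

Added example; not code from the original posts or from Symantec. Assumes a
Windows service inventory captured with `sc query type= service state= all`
and a hosts-file block in the format posted above. Sample inputs are constructed.
"""
import ipaddress
import re

# Services the post says ZeroAccess deletes, keyed by the short name that
# `sc query` prints (the display name is given for readability).
EXPECTED_SERVICES = {
    "BFE": "Base Filtering Engine",
    "MpsSvc": "Windows Firewall",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
}

# Constructed `sc query` excerpt from a box where BFE and wscsvc are gone.
SAMPLE_SC_OUTPUT = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        STATE              : 4  RUNNING

SERVICE_NAME: MpsSvc
DISPLAY_NAME: Windows Firewall
        STATE              : 4  RUNNING

SERVICE_NAME: WinDefend
DISPLAY_NAME: Windows Defender
        STATE              : 1  STOPPED
"""

# Constructed subset of the block posted in the thread.
SAMPLE_HOSTS_BLOCK = """\
# Block of ZeroAccess BotNet
127.0.0.1 69.176.14.76
127.0.0.1 76.28.112.31
127.0.0.1 24.127.157.117
127.0.0.1 ntp2.usno.navy.mil
127.0.0.1 time.windows.com
127.0.0.1 clock.isc.org
127.0.0.1 tock.usask.ca
"""


def installed_services(sc_output: str) -> set:
    """Return the set of service short names found in `sc query` output."""
    return set(re.findall(r"^SERVICE_NAME:\s*(\S+)", sc_output, re.MULTILINE))


def missing_services(sc_output: str) -> list:
    """Which of the services ZeroAccess is said to delete are absent?

    An absent service is an indicator, not proof: some Windows editions
    legitimately lack one of them, so a hit means "scan with an offline tool".
    """
    present = installed_services(sc_output)
    return sorted(name for name in EXPECTED_SERVICES if name not in present)


def classify_hosts_block(text: str) -> dict:
    """Sort hosts-file lines into entries that can work and entries that cannot.

    The hosts file is consulted only when a name is resolved, so a right-hand
    side that is itself an IP literal never matches anything. Host names are
    redirected to the loopback address as intended.
    """
    result = {"effective": [], "ineffective": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            result["malformed"].append(raw)
            continue
        target, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(target)  # left-hand side must be an address
        except ValueError:
            result["malformed"].append(raw)
            continue
        for name in names:
            try:
                ipaddress.ip_address(name)
                result["ineffective"].append(name)  # IP literal: no effect
            except ValueError:
                result["effective"].append(name)    # host name: redirected
    return result


if __name__ == "__main__":
    print("missing services:", missing_services(SAMPLE_SC_OUTPUT))
    report = classify_hosts_block(SAMPLE_HOSTS_BLOCK)
    print("hosts entries that take effect:", report["effective"])
    print("hosts entries that cannot take effect:", report["ineffective"])
```

To run it against a real machine, pipe the inventory in (`sc query type= service state= all > services.txt`) and pass the file contents to `missing_services`; the hosts classifier can be pointed at `C:\Windows\System32\drivers\etc\hosts` to find IP-literal lines that give a false sense of protection.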
 