The ZeroAccess Botnet Visualized on Google Earth

Status
Not open for further replies.

Pennanen

Honorable
May 29, 2012
181
0
10,680
[citation][nom]guru_urug[/nom]I must not be the only one who looked at those images and thought "SkyNet!"[/citation]
First thing that came to my mind was google chrome.
 

Gundam288

Distinguished
Sep 23, 2011
281
0
18,790
[citation][nom]luciferano[/nom]Botnet this, botnet that... They seem very popular with the bad hackers lately.[/citation]
You know what they say, only the bad ones get caught.


The main infection technique is to tricking users on social platforms into running an executable file

And I still remember when some one was convinced to delete his system32 folder to increase his FPS in Counter-Strike....

Are people getting smarter or dumber? I wonder sometimes...
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
[citation][nom]gundam288[/nom]And I still remember when some one was convinced to delete his system32 folder to increase his FPS in Counter-Strike....Are people getting smarter or dumber? I wonder sometimes...[/citation]

One of my friends compressed his boot folder, or deleted it.

His computer didn't boot again...

(If people had as much trouble with books as computers back in the medieval era): http://www.youtube.com/watch?feature=player_embedded&v=pQHX-SjgQvQ
 

thezooloomaster

Honorable
Apr 19, 2012
78
0
10,630
[citation][nom]Wamphryi[/nom]It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.[/citation]

The "Bleeping Computer" are one of the best places to go for that. Getting rid of malware is rarely easy.
 

alidan

Splendid
Aug 5, 2009
5,303
0
25,780
[citation][nom]Wamphryi[/nom]It would be helpful if the article contained information on how to determine infection and in the event of infection what to do about it.[/citation]

if its based on a root kit than there is basicly no way for the average computer user to figure it out.
granted, using an up to date linux cd boot made specifically for the purposes of diagnostics may be able to figure this crap out, i dont remember its name but i know there was one a while ago that i had on a cd as an in case.
 

luciferano

Honorable
Sep 24, 2012
1,513
0
11,810
[citation][nom]alidan[/nom]if its based on a root kit than there is basicly no way for the average computer user to figure it out.granted, using an up to date linux cd boot made specifically for the purposes of diagnostics may be able to figure this crap out, i dont remember its name but i know there was one a while ago that i had on a cd as an in case.[/citation]

There are several Linux boot disks that can do that.
 

TechEnt

Distinguished
Jun 27, 2011
15
0
18,510
The main infection technique is to tricking users on social platforms into running an executable file, often under the promise of free software.

So, you provide a link to a pdf which is an executable file. How do I know you didn't just get conned into spreading the infection. I now have to google it.

Thank you for the article, but please go the extra step when it comes to security articles and the resources you refer. At least, personally vet them and indicate as such. That way your name is on the line if you didn't vet.
 

nebun

Distinguished
Oct 20, 2008
2,840
0
20,810
here is the key word "social platforms"...sound to me that maybe someone withing these so called social network crated the malware, who knows, maybe it was the FBI, lol
 

memadmax

Distinguished
Mar 25, 2011
2,492
0
19,960
I ran into something like this yesterday.
WF with NS and ABer stopped it cold in its tracks.
I knew that what I was doing was a no no, but I was curious to see what was going on and if I was protected or not.
 

luciferano

Honorable
Sep 24, 2012
1,513
0
11,810
[citation][nom]echondo[/nom]Seems to be infecting most of the East coast in the U.S. and Canada.Weird, I thought we were more stupid in California lol.[/citation]

There's probably more than twice as many people in the central and eastern areas of the USA than in the western ares f the USA. I'd think that this has a significant impact on the eastern coast's greater amount of infections.
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
[citation][nom]echondo[/nom]Seems to be infecting most of the East coast in the U.S. and Canada.Weird, I thought we were more stupid in California lol.[/citation]

If you compared the infection map with a population density map, they would look similar...
 

gabriel_g

Honorable
Sep 30, 2012
1
0
10,510
The ZeroAccess Rootkit most of the times deletes the following windows services: Base Filtering Service, Windows Firewall Service, Windows Defender Service and Security Center Service. If you check Control Panel>Administrative Tools>Services and you are missing those four service you probably have it.
 
G

Guest

Guest
The ZeroAccess Rootkit is a real pain to get rid of. I tried removing the harddrive and using a clean computer to scan with Norton, AVG, Malwarebytes, TDSSkiller, etc. In the end reformating was the only way I could win. There are ZeroAccess removal tools now....not sure they really get rid of it...it really messes up the system...deactivates network access, deletes Microsoft Update Service, seems to create a hidden partition and operate from there.
 

rantoc

Distinguished
Dec 17, 2009
1,859
1
19,780
[citation][nom]gundam288[/nom]Are people getting smarter or dumber? I wonder sometimes...[/citation]

Think the main reason is that today's computer is just plug in and surf without any per-knowledge at all, the computer got antivirus ect so the user think their safe and thus drive recklessly out and click everything they see. (Don't get me started about¨the general Apple user because they blindly believe their completely safe from anything and i mean anything because a commercial told them so).

People getting more stupid? Don't think so but defiantly less educated about the dangers of their computer behaviors.
 

casperstouch

Distinguished
May 15, 2009
73
0
18,630
This is what I found on how it works, and what to add to your local host to help prevent getting the trojan:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2

# Block of ZeroAccess BotNet
127.0.0.1 69.176.14.76
127.0.0.1 76.28.112.31
127.0.0.1 24.127.157.117
127.0.0.1 117.205.13.113
127.0.0.1 200.59.7.216
127.0.0.1 113.193.49.54
127.0.0.1 ntp2.usno.navy.mil
127.0.0.1 ntp.adc.am
127.0.0.1 chronos.cru.fr
127.0.0.1 wwv.nist.gov
127.0.0.1 clock.isc.org
127.0.0.1 time.windows.com
127.0.0.1 time2.one4vision.de
127.0.0.1 time.cerias.purdue.edu
127.0.0.1 clock.fihn.net
127.0.0.1 ntp.duckcorp.org
127.0.0.1 ntp.ucsd.edu
127.0.0.1 ntp1.arnes.si
127.0.0.1 ntp.crifo.org
127.0.0.1 tock.usask.ca

Here is also a tool to check to see if you have it and remove it:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99
 
Status
Not open for further replies.