A botnet is a collection of internet programs that communicate with one another to perform tasks. According to Microsoft, criminals can use botnets to infect large quantities of computers, making them perform automated tasks such as sending spam and spreading viruses without their owners’ consent or knowledge.
The ZeroAccess botnet, which was disrupted Thursday, was one of the world’s largest, reports BBC. The botnet infected 2 million computers, hijacking search queries and redirecting users to sites that could steal their information. It also generated fraudulent clicks on advertisements, allowing cyber criminals to collect payments from advertisers for the bogus internet traffic.
According to BBC, the botnet cost online advertisers US $2.7 million a month.
On November 25th, Microsoft filed a suit against eight unnamed defendants for identity theft and distributed denial-of-service attacks, reports PCWorld. Though the defendants are anonymous, the lawsuit is in both Russian and English.
The recent ZeroAccess strike is a multinational effort. According to PCWorld, Europol is working with Latvia, Luxembourg, Switzerland, the Netherlands, and Germany to search and seize computers associated with the 18 IP addresses linked to ZeroAccess. The U.S. federal court has allowed Microsoft to block communication from the botnet and take over 49 domain names it used.
According to the Wall Street Journal, Troels Oerting, head of Europol's European Cybercrime Center, said that the operation was an important step in coordinated actions between private companies and international law enforcement agencies to “identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits.”
This is the second joint venture in the past six months between Microsoft and law enforcement personnel to disrupt a botnet. According to the Wall Street Journal, Microsoft and its partners do not expect to completely dismantle the botnet due to its complexity, but expect their efforts “will significantly disrupt the botnet's operation.”