Microsoft, FBI and Europol deal blow to ZeroAccess botnet

Microsoft works with the authorities to disrupt cyber criminals committing fraud

A collaborative effort by Microsoft, the FBI and Europol has disrupted one of the world's most notorious botnets, ZeroAccess, significantly increasing the risks for cyber criminals and hackers looking to commit fraud by deploying the malware.

ZeroAccess, also known as The Sirefef Botnet, has been responsible for infecting more than two million computers and is thought to cost advertisers and users $2.7m (£1.6m) a month. The botnet targets results of Google, Bing and Yahoo search engines, redirecting users to malicious infected websites which are used to steal personal details and online payment information.

It is controlled by a network of peer-to-peer systems, which allow cyber criminals to operate the botnet from tens of thousands of different computers. It is one of the most robust botnets in operation, but the authorities have warned cyber criminals that shutting down the sophisticated ZeroAccess marks a statement of intent to bring even the most advanced and elusive cyber criminals to justice.

"If the hacker community has not yet taken notice, today's disruption of the ZeroAccess botnet is another example of the power of public-private partnerships," said FBI executive assistant director Richard McFeely.

"It demonstrates our commitment to expand coordination with companies like Microsoft and our foreign law enforcement partners – in this case, Europol – to shut down malicious cyber attacks and hold cyber criminals accountable for exploiting our citizens' and businesses' computers."

Microsoft received authorisation from the US District Court for the Western District of Texas to block communications between computers operating ZeroAccess within the US and identified as committing cyber-fraud.

"The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims' computers from being used for fraud and help us identify the computers that need to be cleaned of the infection," said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit.

"Microsoft is committed to working collaboratively – with our customers, partners, academic experts and law enforcement – to combat cybercrime," he continued. "We'll do everything we can to protect computer users from the sinister activities and criminal networks that victimise innocent people and businesses around the world."

Europol's European Cybercrime Centre (EC3) also played a roll in disrupting the ZeroAccess botnet, with coordinated action targeting 18 IP addresses across Europe. Search warrants were executed and computers committing criminal activities were seized across Latvia, Luxembourg, Switzerland, the Netherlands and Germany.

"This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organisations and networks behind these dangerous botnets that use malicious software to gain illicit profits," said Troels Oerting, head of the EC3.

"EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft."

The disruption of the ZeroAccess botnet represents the first operation of its kind since Microsoft unveiled its new Cybercrime Centre last month. It marks the firm's eighth successful botnet operation in the last three years.