Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
ZeroAccess Click-Fraud Botnet Back In Action Again
Newest First  |  Oldest First  |  Threaded View
theb0x
50%
50%
theb0x,
User Rank: Ninja
1/30/2015 | 9:25:09 PM
RootKits, Bootkits, and Trojans Oh My!
ZeroAccess is a part of the Alureon (Microsoft) family of bootkit infections and otherwise known as TDSS (Kaspersky), Tidserv (Symantec).

It's very misleading for these "researchers" to make the statement:

"ZeroAccess does not pose the same threat as other botnets used to perpetrate banking fraud, steal login credentials and valuable data, or hold victims' files for ransom."

One of this ZeroAccess' primary behaviors is to download additonal payloads such as trojans. A trojan to a cyber criminal has many useful purposes, but controlling a system remotely sums it up. Here are just a few specific purposes of a trojan:

 

Keystoke Loggers

Electronic Money Theft

Data Theft

Ransomware



Once the PC is initially compromised by ZeroAccess that system is now in a state that is completely VULNERABLE to an endless array of additional attack vectors that may not even be initiated by the original attacker. Botnets are also sold, traded, leased, and compromised by other botnets.

There is simply no way of determining what their intentions are. Especially if all this network traffic is encrypted.

 

 

 

 

 

 

 

 


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A time share on Mars. Looks like a great investment.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30482
PUBLISHED: 2021-05-11
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
CVE-2021-31897
PUBLISHED: 2021-05-11
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
CVE-2021-31898
PUBLISHED: 2021-05-11
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
CVE-2021-31910
PUBLISHED: 2021-05-11
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31911
PUBLISHED: 2021-05-11
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.