A couple of weeks ago, Microsoft announced taking action against the ZeroAccess botnet. At the time, the company didn’t expect to completely disrupt the threat, but apparently, the cybercriminals have decided to abandon the botnet.
Microsoft focused its efforts on the botnet’s fraud component. Shortly after the company’s disruption efforts, the cybercriminals started sending out new instructions to computers infected with ZeroAccess in an effort to continue their scheme.
However, since the cybercriminals’ every move was being watched, Microsoft was able to identify the new IP addresses they used. Europol’s European Cybercrime Center (EC3) coordinated law enforcement from various countries to track the new IPs.
Law enforcement agencies from the Netherlands, Latvia, Switzerland and Luxembourg, led by Germany’s Federal Police, took part in the disruption efforts.
Shortly after, the cybercriminals pushed out a new update that included the message “WHITE FLAG,” which Microsoft believes indicates that the cybercriminals are giving up.
“Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud,” Richard Domingues Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit, noted in a blog post.
When the Redmond company first announced taking action against ZeroAccess, it also filed a civil lawsuit against 8 unidentified individuals suspected of operating the botnet.
Now that the cybercriminals have abandoned their botnet, the US District Court for the Western District of Texas has been asked to close the case in order to allow authorities to continue their investigation.
In the meantime, those who suspect that their computers are infected with the ZeroAccess malware are advised to take a look at the instructions provided by Microsoft on how to clean up the infection.