The ZeroAccess botnet closed out 2012 as the most active botnet in the wild, according to a malware report from security vendor Kindsight.
ZeroAccess is mainly designed to distribute malware as part of a massive ad-click fraud campaign that at one point last year was estimated to be raking in as much as $100,000 a day for its operator. Another version of the botnet also makes money through Bitcoin mining. According to Kindsight, versions of the ZeroAccess botnet occupied the number one and seven spots on the list of top high-level malware threats on the Web.
ZeroAccess is so prevalent because it uses an aggressive pay-per-install affiliate campaign to spread malware – something the botnet's controllers can afford because it is earning top dollar through ad-click fraud, explained Kevin McNamee, security architect at Kindsight.
"The first version of ZeroAccess used rootkit technology to evade antivirus software," he said. "But the latest version doesn’t even bother--it disables the antivirus during the installation process."