IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft shuts down a $2.7m a month click fraud botnet

Botnet suspected to originate in Russia was using 2 million machines.

fraud

Microsoft continues to fight against botnets by smashing a network which was using 2 million machines around the world.

The software giant filed a lawsuit in Texas and won a judge's order directing internet service providers to block all traffic to 18 internet addresses that were used to direct fraudulent activity to the infected machines.

Law enforcement in many European countries served warrants at the same time, seizing servers expected to contain more evidence about the leaders of the ZeroAccess crime ring, which was devoted to "click fraud."

Such rings use networks of captive machines, known as botnets, in complicated schemes that force them to click on ads without the computer owners' knowledge. The schemes cheat advertisers on search engines including Microsoft's Bing by making them pay for interactions that have no chance of leading to a sale. Microsoft said the botnet had been costing advertisers on Bing, Google and Yahoo an estimated $2.7 million monthly.

The coordinated effort marks the eighth time Microsoft has moved against a botnet and a rare instance of it doing serious damage to one that is controlled with a peer-to-peer mechanism, where infected machines give each other instructions instead of relying on a central server that defenders can hunt down and disable.

But the ZeroAccess botnet still had a weakness. The code in the infected machines told them to reach out to one of the 18 numeric Internet addresses for details on which ads to click.

Microsoft recently opened a new Cybercrime Center in Redmond and is using new tools in its efforts. They are helped by a provision in trademark that allows pretrial seizure of suspected counterfeit goods, including websites that, as in the present case, are spreading tainted versions of the Internet Explorer browser.

The company is working with national computer security authorities in various countries and with Internet service providers to notify individual computer owners with infected machines, hoping to reach most of them before the fraudsters can spread new instructions.

Microsoft has been sharing evidence with the FBI and Europol, the continent's law enforcement coordinating service. National agencies took part in seizure actions in Germany, Switzerland, Latvia, Luxembourg, and the Netherlands.

For now, at least, the fraud by this network has stopped, said Microsoft Assistant General Counsel Richard Boscovich.

The operators of the botnet are believed to be in Russia, while the author of the malicious software distributed on it could be based elsewhere, Boscovich said.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Business strategy

IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated

17 Jun 2022
Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive
ransomware

Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive

17 Jun 2022
Microsoft silent patches called “a grossly irresponsible policy”
cyber security

Microsoft silent patches called “a grossly irresponsible policy”

15 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022