NEWS FROM THE LAB - Wednesday, October 2, 2013

ZeroAccess: The Most Profitable Botnet Posted by Sean @ 11:17 GMT

In March of this year, researchers on Symantec's Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the world's largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots.

A very commendable effort!

Ross Gibb and Vikram Thakur are presenting a paper about lessons learned at this year's Virus Bulletin.

Unfortunately, the bulk of ZeroAcess is still with us…

To learn more about it — download this report — extracted from our H2 2012 Threat Report.