No mining for ZeroAccess

ZeroAccess, one of the most developed botnets in the bitcoin system, has collapsed: it was taken down by the security company Symantec. Many readers are already aware that the developers of this botnet disabled its mining function about six months ago.

Let us look more closely at how a botnet works, and at ZeroAccess in particular. Creating, setting up, launching and distributing a botnet is a well-known criminal activity. It leads to spam being sent, the user's data being controlled, private information being collected and stored, and money being stolen from virtual wallets and systems, all of it uncontrolled and often unnoticed by the ordinary PC user. The goal of ZeroAccess was to find and exploit free CPU capacity to carry out mining for its remote owner, who monitored a whole network of infected machines.

Symantec itself had been monitoring the situation since the botnet first appeared in 2011. Symantec Security Response member Vikram Thakur says that comparable revisions followed a year later. A smaller one can be dated to the period between the two dates.

The owners and distributors of a botnet are called botherders. They stopped the botnet's module from mining in April 2013. This was done with an update that prevented the module from performing this action. The question that arises is: why did they stop this script from doing something so promising and useful to them?

Experts and advanced users still describe the work of the mining module as pretty pointless. Let us follow their explanation: mining with the CPU of a remote machine, together with the regular load on the network, makes the hash rate noticeably bigger. The main reason is the large amount of ASIC hardware performing the mining. In this situation GPUs and CPUs play almost no part in the process. Symantec's specialists replicated the process on a rather weak PC. Compared with the KnC Miner, it is a snail racing after a jaguar.

Of course, the botnet might have infected a rather powerful PC that it happened to encounter on the network, but it cannot use all of the available CPU and other resources. Further investigation shows that even a large number of infected machines would not harm the overall coin network, or the Internet as a whole.

Still, ZeroAccess was able to infect 1.9 million machines. Even producing less than a dollar over a year, it might bring its operators many thousands in real, physical profit. Would any normal person switch it off of his own free will?

The experts believe that it is not that simple: the system is traceable, and it might have been located by the government and shut down. The operator, or group of operators, may have become anxious: they understand that this is illegal and that at any time they can be reported by infected users, detected and jailed.

A more logical view of “earning” money holds that any other use of the computational power would give the developer a bigger and safer profit. The same machines could be pushing and clicking profitable links for their intruders.

Currently the botnet is deactivated, also because prices have been falling rapidly. Perhaps, when litecoin becomes more popular, the botnet will be resurrected.

