500,000 ZeroAccess botnet-infected computers disabled by Symantec

ZeroAccess is said to be one of the most prevalent botnets in the world, and Symantec found in August 2013 that as many as 1.9 million computers were affected by it. A recent blog post from the company reveals that it has managed to take down as many as 500,000 bots, which has decreased the botnet's numbers considerably.

This botnet uses a peer-to-peer command-and-control (C&C) communication architecture, which is one of the reasons it is present on such a large number of computers. Because there is no central C&C server, the botnet cannot be disabled or stopped from spreading by taking down a single server. As soon as it gets into a system, it contacts its peers and shares details of other systems in the network. This constant communication between bots makes it extremely difficult to disable them.

In spite of all this, Symantec found a way of sinkholing the botnet after a lot of research. The company has admitted that it was a difficult process, but not an impossible one. While the research was underway, the company noticed that certain modifications had been made to the botnet, the most significant of which was an ability to avoid getting sinkholed.

The updated version of ZeroAccess started spreading via the same peer-to-peer network. The botmaster got wind of the sinkholing procedure through a report that was published in May this year. Without wasting more time, the engineers decided to take down the bots by sinkholing them using the procedure they had researched, and successfully got rid of around half a million of them.

By disabling 500,000 ZeroAccess bots, Symantec has greatly reduced the possibility of advertising and online currency fraud.
