ZeroAccess malware is on over one million computers spread across almost 200 countries. On top of that, the threat has been installed on devices over nine million times.
All of that happened in about two months. ZeroAccess generates profit for its masters through a peer-to-peer network that is used to download malicious plugins. These plugins are capable of carrying out diverse tasks from which the criminals make a big profit.
Cybercriminals can earn as much as $100,000 per day if the botnet is operating at maximum capacity, said researchers at Sophos.
After monitoring the threat for a period of two months, Sophos was able to pinpoint the locations of the infected machines. Apparently, the malware infected computers in places we’d least expect, such as Kiribati and various other islands in the middle of the Pacific Ocean.
However, most of the infected machines appear to be in the United States (55%), Canada, the United Kingdom, Germany, Turkey, Spain, France, Austria, Italy and Japan.
“We have also reverse-engineered the mechanisms by which the ZeroAccess owners keep tabs on the botnet, and discovered an array of techniques used that are designed to bury the call-home network communications in legitimate-seeming traffic,” said James Wyke, senior threat researcher at SophosLabs.
In order to avoid becoming victims of ZeroAccess, users must be aware of what they install and what websites they visit.