This fall, the country was hit with a digital pandemic known as the Zeroaccess Botnet. This sophisticated malware has the ability to “learn” and evolve, making it one of the most infectious computer viruses to hit the globe. No country seems to be safe from the virus. No country, that is, except China. The United States, Canada, and Great Britain were hit the hardest, with the rest of the European countries trailing closely behind. For reasons unknown, however, China appears to be emerging almost completely unscathed from the attack. China’s overall lack of infection has not gone unnoticed, and has left many wondering: was China itself responsible for the Zeroaccess Botnet pandemic?

The Zeroaccess Botnet, also known as the Zeroaccess Rootkit, is a malware threat that has been around since 2010. There are actually four versions of the virus, taking the 32-bit and 64-bit builds into consideration. Initially, it would create its own hidden partition on the hard drive and use alternate data streams to keep itself hidden.

It is estimated that Zeroaccess has been downloaded more than nine million times. It is further estimated that more than two million PCs in America, about 1 in 25, are infected. The malware has, however, infected computers on a global scale. According to The Hacker News, “IP addresses of infected machines from a total of 198 countries ranging from the tiny island nation of Kiribati to the Himalayan Kingdom of Bhutan” were found.

The main goal of the malware is two-fold: click fraud and Bitcoin mining. Click fraud is a rather simple concept: it is the exploitation of the pay-per-click arrangement between webmasters and advertisers. In the case of Zeroaccess, however, the click fraud is used to compensate installers of the malware in a pyramid scheme of sorts. Basically, installers get paid per installation. Once installed, the malware begins generating revenue through click fraud, and a portion of that revenue is used to compensate the installers. Of course, the Zeroaccess author sits at the top of the pyramid, making the most money. Either way, the fraud is costing companies millions of dollars per day.

The more complex goal of Zeroaccess is Bitcoin mining. Basically, a bitcoin is a decentralized digital alternative currency regulated by a peer-to-peer network. The best description of this form of mining was provided by “So the basic concept of Bitcoin mining is that there’s a little chunk of each block that contains meaningless random data, and Bitcoin miners take all the data in the current block, shuffle up that random chunk and calculate the hash of the whole thing.”
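The quoted description of mining, worked through as an added example (not code from the original post or from Zeroaccess itself): a constructed block header is hashed together with a changing nonce until the result falls below a difficulty target. Running it for increasing difficulties shows why the search costs roughly 2^bits hash attempts while checking a solution costs one, which is exactly the workload a botnet offloads onto infected machines.

```python
import hashlib
import struct

def block_hash(header: bytes, nonce: int) -> bytes:
    """Simplified Bitcoin-style hash: double SHA-256 over the header bytes
    followed by a 4-byte little-endian nonce (the 'random chunk' being shuffled)."""
    data = header + struct.pack("<I", nonce)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2**32):
    """Try nonces in order until the hash, read as a 256-bit integer, is below
    target = 2**(256 - difficulty_bits). Returns (nonce, hash_hex, attempts),
    or None if max_nonce is exhausted without a solution."""
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_nonce):
        digest = block_hash(header, nonce)
        if int.from_bytes(digest, "big") < target:
            return nonce, digest.hex(), nonce + 1
    return None

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution is a single hash; finding one is ~2**difficulty_bits."""
    target = 1 << (256 - difficulty_bits)
    return int.from_bytes(block_hash(header, nonce), "big") < target

# Constructed sample header (assumed placeholder fields, not real chain data).
SAMPLE_HEADER = b"prev:0000abcd|merkle:deadbeef|time:1351000000"

if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, digest, attempts = mine(SAMPLE_HEADER, bits)
        print(f"{bits:2d} bits: nonce={nonce:6d} attempts={attempts:6d} hash={digest[:16]}...")
```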
What is really interesting is that none of this seems to be occurring in China. For some reason, the Zeroaccess owners, along with their army of installers, appear to have absolutely no interest in China, leading some to believe that the prolific malware could have originated with the Chinese government. Of course, there is no hard evidence for this, but there is overwhelming circumstantial evidence that makes the idea compelling. This would not be the first cyber-attack orchestrated by China against the West.

It is believed that in 2009 China conducted Operation Aurora, a cyber-attack that exploited a security hole in Internet Explorer. The targets were all American companies, including Google, Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical. Furthermore, Top Secret Writers’ own correspondent in China, WC, recently reported on the 2049 Report and wrote, “China’s military is conducting extensive cyber warfare and spying operations through several electronic intelligence units, including a group identified for the first time called Beijing North Computing Center.” (4)

There is no doubt that the Zeroaccess Botnet is malware causing a considerable amount of damage and financial loss on a global scale. Though the proof is currently only circumstantial, it is suspicious that the entire world is fighting this digital pandemic while China remains unscathed, which raises the question: is the Chinese government responsible for the global Zeroaccess Botnet?

Cross-posted from: Top Secret Writers
