A major hacking operation involving a worldwide "army of zombie computers" hit a snag yesterday when the FBI, Europol, and Microsoft teamed up to shut it down. A months-long investigation by Microsoft found the ZeroAccess botnet infecting some 2 million computers with malware that generated bogus clicks on ads, netting criminals $2.7 million a month from online advertisers. Microsoft cut connections between infected machines in the US and European-based servers, while Europol seized servers tied to 18 IP addresses in Latvia, Germany, Switzerland, Luxembourg, and the Netherlands, the Wall Street Journal reports.
"These aren't just kids operating in their parent's basement," explains an advertising technology exec. "What we have here are organized crime groups in foreign countries targeting the ad world." Microsoft's Digital Crimes Unit spent months studying ZeroAccess in a Redmond, Washington, lab, learning that the botnet isn't controlled by a dedicated server, but can respond to commands issued by any infected computer. But even after Microsoft's move, which included filing a civil suit against eight "John Doe" defendants, ZeroAccess isn't necessarily dead for good, notes PC World. Investigators didn't expect to stop the botnet completely, and a previous attack by Symantec only disrupted the operation. "If we can't put the bad guys in jail," says a Microsoft investigator, "at least we can take away some of their money."