ZeroAccess Virus Using Millions of PCs to Generate Revenue
By The Pit Crew
When asked why he robbed banks, the American bank robber Willie Sutton (active from the 1920s onward) is credited with the one-line answer: because that's where the money is. Today the money is in clicks on web links. Each click on a link delivers a visitor to a web site, and each visitor to a web site is a potential customer. Today's online stores buy clicks, and today's Willie Sutton steals them.
Sophos's James Wyke recently released details on the number of clicks one modern-day Willie Sutton is stealing, and how 9M other people's personal computers are used to do it.
How to steal $96K/day in clicks
The ZeroAccess virus makes roughly $96K/day (USD) using a new version of the old self-dealing scam:
1. The scammer sets up a web site and publishes ads from one or more ad networks like Google, Microsoft, or Yahoo.
2. The ad networks pay the scammer a small fee for each click on an ad.
3. The scammer clicks on the ads on his own website.
Self-clicking is the essence of the scam.
It's a lot of manual work to self-click on ads, so today's Willie Sutton writes software to do the self-clicking for him. But ad networks can tell when a program on a computer is self-clicking, because far too many clicks arrive from the same computer (the same IP address). So Willie installs his self-clicking software on a huge number of other people's personal computers without their permission, so that each machine contributes only a trickle of clicks, and makes it very hard to get the program off. And that's how a malware program is born, more popularly referred to as a virus.
This is the essence of the ZeroAccess virus. It is a program for self-clicking on the scammer's web sites. The virus has infected over 9M computers, with about 400K infections active at any point in time. Each of those roughly 400K running copies self-clicks once an hour, 24 hours a day, at $0.01 per click: 400,000 × 24 × $0.01 is roughly $96K/day for the scammer. Further, because it is a program that can update itself, it can be repurposed to run other scams too, such as sending spam or stealing the credit card number of the computer's owner.
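The following is an added example, not code from the original article or from Sophos. It models the point made above with a toy click log: an ad network that counts clicks per source IP address flags one machine that self-clicks all day, while the same number of clicks spread across many infected PCs, each clicking about once an hour, never crosses a per-IP threshold. It also carries through the revenue arithmetic. The log format, the IP addresses (RFC 5737 test ranges), the 50-clicks-per-day threshold and the function names are assumptions constructed for illustration.

```python
"""
Added example, not code from the original article or from Sophos.

Models why click fraud at scale needs a botnet: an ad network that counts
clicks per source IP catches a single self-clicking machine, but the same
clicks spread across many infected PCs, one per hour each, stay under any
per-IP threshold. Log lines, IPs and the threshold are constructed.
"""
from collections import Counter

CLICK_THRESHOLD_PER_DAY = 50   # assumed per-IP daily limit; real networks use more signals
PAYOUT_CENTS_PER_CLICK = 1     # $0.01 per click, the figure the article uses


def clicks_per_ip(log_lines):
    """Count ad clicks per source IP from constructed lines shaped like
    '2012-09-19T14:00:00Z 198.51.100.7 click'. Malformed lines are ignored."""
    counts = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and parts[2] == "click":
            counts[parts[1]] += 1
    return counts


def flagged_ips(log_lines, threshold=CLICK_THRESHOLD_PER_DAY):
    """IPs whose daily click count exceeds the threshold (the 'same computer' check)."""
    return sorted(ip for ip, n in clicks_per_ip(log_lines).items() if n > threshold)


def botnet_revenue_per_day(active_bots, clicks_per_hour=1, payout_cents=PAYOUT_CENTS_PER_CLICK):
    """Daily payout in USD for a botnet of the given size; integer cents avoid float drift."""
    return active_bots * clicks_per_hour * 24 * payout_cents / 100


def make_log(ip_clicks):
    """Build constructed log lines from a {ip: click_count} mapping, one click per hour slot."""
    lines = []
    for ip, n in ip_clicks.items():
        for i in range(n):
            lines.append(f"2012-09-19T{i % 24:02d}:00:00Z {ip} click")
    return lines


# Scenario A: the scammer self-clicks 2,400 times a day from one machine.
single_machine = make_log({"198.51.100.7": 2400})

# Scenario B: 100 bots (a small stand-in for the ~400K active ZeroAccess
# infections) each click once an hour: the same 2,400 clicks, 24 per IP.
botnet = make_log({f"203.0.113.{i}": 24 for i in range(1, 101)})

if __name__ == "__main__":
    print("single machine flagged:", flagged_ips(single_machine))   # ['198.51.100.7']
    print("botnet flagged:", flagged_ips(botnet))                   # []
    print("400K bots, 1 click/hour, $0.01/click -> $%.0f/day"
          % botnet_revenue_per_day(400_000))                        # $96000/day
```

Both scenarios deliver exactly 2,400 clicks; only the distribution differs. That is the whole reason the malware has to be persistent on hundreds of thousands of machines rather than running on the scammer's own hardware: each bot's clicks arrive from an ordinary residential IP at a rate that looks like a person. Real ad networks use many more signals than a per-IP count, but the per-source rate is the one a self-clicker cannot beat without a botnet.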
How to Remove ZeroAccess
Once ZeroAccess is installed on a computer, it is very difficult for security programs to remove, as the accompanying video demonstrates. ZeroAccess disables a number of Windows security services and takes measures to hide itself from security programs or to disable anti-virus software that tries to remove it. There are thousands of web sites and hundreds of ways to tackle removing ZeroAccess, but they all boil down to these four types of solution:
The “FREE” Way
There are published guides on how to use a combination of manual steps and freely available software tools to remove the ZeroAccess virus. Technical skill is required.
The “PHONE” Way
There are businesses that you can call and they’ll log into your computer over the Internet and a technician will remove the ZeroAccess virus for a fee. Typically the technician follows one of the published guides with the combination of manual steps and freely available software tools.
The “STORE” Way
Most stores that sell computers also service computers, and will remove viruses like Zero Access for a fee.
The "Live USB/CD" Way
The United States Computer Emergency Readiness Team (US-CERT) recommends cleaning an infected computer from a "trusted bootable USB". Booting from trusted media means the infected Windows installation, and with it ZeroAccess's own drivers, is never loaded, so the malware cannot hide its files or fight the scanner. If assembling a bootable USB with an anti-virus scanner set up on it is too technically difficult, there are ready-made products like the FixMeStick that are easy to use.