ZeroAccess is top bot in home networks

For all of 2012, 13% of home networks in North America were infected with malware, with 7% of broadband customers infected with high-level threats. 

According to the Kindsight Security Labs Malware Report for Q4 2012, the ZeroAccess botnet continued to be the most common malware threat in the quarter, infecting 0.8% of broadband households. The firm found ZeroAccess to be present in about 2.2 million home networks worldwide, while in the US alone, approximately 685,000 users are infected, or one in 125 home networks. 

Botnets were responsible for four of the top five high-level threats on home networks in the full year of 2012, including ZeroAccess, TDSS, Alureon and Flashback. Almost 50% of infected home networks had a botnet issue in 2012.

On the mobile front, the threat continues to rise, but total penetration is a mere fraction of wired malware infections. In mobile networks, only 0.5% of devices exhibited high-threat-level malware, but that’s an increase of 67%, from 0.3%, in the prior quarter. The number of Android malware samples was 5.5 times larger in Q4 than in Q3. Within that growth, Kindsight found that mobile spyware that can track calls, text messages and location is on the rise, which is a particular concern to businesses because of the increasing bring-your-own-device (BYOD) phenomenon, where employees use personal devices for corporate information functions.

The number one Android malware was Wapsx, which made up 42.24% of infections, according to the report.

“It’s clear after publishing these metrics for a year that malware continues to be a problem for home and mobile networks,” said Kevin McNamee, security architect and director at Kindsight Security Labs, in a statement. “When we look back at the full year, 13% of home networks were infected with malware. Botnets were responsible for almost half of those infections and ZeroAccess is still the leading botnet.”

ZeroAccess is a sophisticated ad-click fraud scheme that each day generates about 140 million fraudulent ad-clicks and 260 terabytes of network traffic. Kindsight estimates that cybercriminals could be costing advertisers $900,000 per day in ad-click fraud with ZeroAccess.

ZeroAccess bot operators have registered a large number of websites that host pay-per-click advertisements, and program the bots to click on ads that are hosted by these sites. When the ad is clicked, the owner of the website is paid for the click. The bots visit a command-and-control (C&C) server periodically and are given a list of ads to click. This allows the C&C server to dynamically control which ads are chosen, how frequently they are clicked and which bots are used.
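The pattern described above (a periodic check-in followed by a batch of ad clicks) can be looked for in proxy or flow logs. The following is an added detection sketch, not code from the Kindsight report; the log fields, the `is_ad_click` flag, the `.example` host names and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy-log records: (epoch_seconds, client_ip, dest_host, is_ad_click).
# The is_ad_click flag is an assumption: it stands for whatever rule the
# operator uses to recognise click-through requests to ad networks.
def build_sample_log():
    log = []
    for i, jitter in enumerate([0, 2, -1, 1, 0, -2]):      # bot: poll every ~600 s
        t = 1000 + i * 600 + jitter
        log.append((t, "10.0.0.5", "poll.example", False))
        log += [(t + 5 + 4 * k, "10.0.0.5", "ads.example", True) for k in range(3)]
    for t in [1030, 1100, 2900, 3010, 4700, 4720]:         # person: irregular browsing
        log.append((t, "10.0.0.9", "news.example", False))
    log.append((2950, "10.0.0.9", "ads.example", True))
    return sorted(log)

def periodic_pairs(log, min_polls=5, max_cv=0.1):
    """Return (client, host) pairs contacted at near-constant intervals."""
    times = defaultdict(list)
    for ts, client, host, is_click in log:
        if not is_click:
            times[(client, host)].append(ts)
    found = {}
    for pair, ts_list in times.items():
        ts_list = sorted(ts_list)
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        # Coefficient of variation of the gaps: low means machine-like timing.
        if len(ts_list) >= min_polls and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= max_cv:
                found[pair] = ts_list
    return found

def suspect_clients(log, window=60, min_ratio=0.8):
    """Flag clients whose ad clicks cluster right after a periodic poll."""
    suspects = {}
    for (client, host), polls in periodic_pairs(log).items():
        clicks = [ts for ts, c, _, is_click in log if c == client and is_click]
        near = sum(any(0 <= t - p <= window for p in polls) for t in clicks)
        if clicks and near / len(clicks) >= min_ratio:
            suspects[client] = (host, near, len(clicks))
    return suspects

if __name__ == "__main__":
    print(suspect_clients(build_sample_log()))
```

Each result maps a client to the host it polls, the number of ad clicks that fell inside the post-poll window, and its total ad clicks.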
