SAN FRANCISCO Dec 5 Microsoft Corp
said on Thursday it had disrupted the largest network of
compromised personal computers, involving some 2 million
machines around the world, since it stepped up its battle
against organized online criminals three years ago.
The Redmond, Wash.-based software giant filed a lawsuit in
Texas and won a judge's order directing Internet service
providers to block all traffic to 18 Internet addresses that
were used to direct fraudulent activity to the infected

Law enforcement in many European countries served warrants
at the same time, seizing servers expected to contain more
evidence about the leaders of the ZeroAccess crime ring, which
was devoted to "click fraud."
Such rings use networks of captive machines, known as
botnets, in complicated schemes that force them to click on ads
without the computer owners' knowledge. The schemes cheat
advertisers on search engines including Microsoft's Bing by
making them pay for interactions that have no chance of leading
to a sale. Microsoft said the botnet had been costing
advertisers on Bing, Google Inc and Yahoo Inc
an estimated $2.7 million monthly.
The coordinated effort marks the eighth time Microsoft has
moved against a botnet and a rare instance of it doing serious
damage to one that is controlled with a peer-to-peer mechanism,
where infected machines give each other instructions instead of
relying on a central server that defenders can hunt down and

But the ZeroAccess botnet still had a weakness: The code in
the infected machines told them to reach out to one of the 18
numeric Internet addresses

Microsoft recently opened a new Cybercrime Center in Redmond
and is using new tools in its efforts. They are helped by a
provision in trademark law that allows pretrial seizure of suspected
counterfeit goods, including websites that, as in the present
case, are spreading tainted versions of the Internet Explorer

The company is working with national computer security
authorities in various countries and with Internet service
providers to notify individual computer owners with infected
machines, hoping to reach most of them before the fraudsters can
spread new instructions.
Microsoft has been sharing evidence with the FBI and
Europol, the continent's law enforcement coordinating service.
National agencies took part in seizure actions in Germany,
Switzerland, Latvia, Luxembourg, and the Netherlands.
For now, at least, the fraud by this network has stopped,
said Microsoft Assistant General Counsel Richard Boscovich.
The operators of the botnet are believed to be in Russia,
while the author of the malicious software distributed on it
could be based elsewhere, Boscovich said.