A Review of ZeroAccess peer-to-peer Botnet

International Journal of Computer Trends and Technology (IJCTT)
© 2014 by IJCTT Journal
Volume-12 Number-2
Year of Publication : 2014
Authors : Ms. Cheenu
DOI : 10.14445/22312803/IJCTT-V12P112


Ms. Cheenu. "A Review of ZeroAccess peer-to-peer Botnet". International Journal of Computer Trends and Technology (IJCTT) V12(2):60-66, June 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract -
Today ZeroAccess is one of the most widespread threats on the internet. The total number of systems infected to date is in the tens of millions, and a large number of those infections are still active. ZeroAccess is a peer-to-peer botnet that targets Microsoft Windows operating systems. It acts as a platform: once a machine is infected, the botnet is used to download additional malware onto it. ZeroAccess is mainly used for bitcoin mining and click fraud, while remaining hidden on the system through rootkit techniques. This survey explains the evolution of the ZeroAccess botnet and its life cycle, and concludes with the challenges that ZeroAccess poses.


Keywords -
Botnet, ZeroAccess botnet, Command and Control (C&C).