Accession Number : ADA603812
Title : The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules
Descriptive Note : Technical rept.
Corporate Author : CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES
Personal Author(s) : Pearce, Paul ; Grier, Chris ; Paxson, Vern ; Dave, Vacha ; McCoy, Damon ; Voelker, Geoffrey M ; Savage, Stefan
Report Date : 16 Dec 2013
Pagination or Media Count : 24
Abstract : ZeroAccess is a large sophisticated botnet whose modular design allows new modules to be downloaded on demand. Typically each module corresponds to a particular scam used to monetize the platform. However, while the structure and behavior of the ZeroAccess platform is increasingly wellunderstood, the same cannot be said about the operation of these modules. In this report, we fill in some of these gaps by analyzing the auto-clicking and search-hijacking modules that drive most of ZeroAccess s revenue creation. Using a combination of code analysis and empirical measurement, we document the distinct command and control protocols used by each module, the infrastructure they use, and how they operate to defraud online advertisers.
Descriptors : *COMPUTER VIRUSES , COMPUTER NETWORKS
Subject Categories : Computer Systems Management and Standards
Distribution Statement : APPROVED FOR PUBLIC RELEASE