Accession Number : ADA603812


Title :   The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules


Descriptive Note : Technical rept.


Corporate Author : CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES


Personal Author(s) : Pearce, Paul ; Grier, Chris ; Paxson, Vern ; Dave, Vacha ; McCoy, Damon ; Voelker, Geoffrey M ; Savage, Stefan


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a603812.pdf


Report Date : 16 Dec 2013


Pagination or Media Count : 24


Abstract : ZeroAccess is a large sophisticated botnet whose modular design allows new modules to be downloaded on demand. Typically each module corresponds to a particular scam used to monetize the platform. However, while the structure and behavior of the ZeroAccess platform is increasingly wellunderstood, the same cannot be said about the operation of these modules. In this report, we fill in some of these gaps by analyzing the auto-clicking and search-hijacking modules that drive most of ZeroAccess s revenue creation. Using a combination of code analysis and empirical measurement, we document the distinct command and control protocols used by each module, the infrastructure they use, and how they operate to defraud online advertisers.


Descriptors :   *COMPUTER VIRUSES , COMPUTER NETWORKS


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE