Lessons learned from sinkholing the ZeroAccess botnet

ZeroAccess (or Sirefef) is a piece of malware that is very adept at hiding its existence from users, and brings in huge sums of money to its masters by performing click-fraud and Bitcoin mining.

The ZeroAccess botnet is currently one of the largest one in existence, but its creators have recently received quite a blow when Symantec researchers managed to sinkhole nearly half a million of its bots.

In this podcast recorded at the Virus Bulletin 2013, Candid Wüest from Symantec shares details about their research into the malware, the sinkholing operation they executed, and the lessons they learned from it.

Listen to the podcast here.

Candid Wüest, Principal Threat Researcher at Symantec Security Response. He researches new threat vectors, analyses trends and formulates new mitigation strategies. Previously he was working as a Virus Analyst in the anti malware laboratory of Symantec in Dublin/Ireland, analyzing malware and creating signatures. Before that he was part of the global security analyzing lab of IBM Research in R??schlikon. He has published various whitepapers and appeared in magazines and TV shows. He is a frequent speaker at conferences like Virus Bulletin and RSA.