Microsoft Disrupts Botnet Hijacking Search Results and Exploiting Search Engines

Today, Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced the successful disruption of the Sirefef botnet, also known as ZeroAccess. This dangerous botnet is responsible for hijacking people’s search results and taking them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks. ZeroAccess also commits click fraud. According to the latest Microsoft Security Intelligence Report, by the end of 2012, malicious or compromised websites had emerged to become the top threats facing enterprises as well as consumers. This botnet specifically targets search results on the major online search and advertising platforms including Google, Bing and Yahoo!, and is estimated to cost online advertisers $2.7 million each month.

How a botnet works
Computers in a botnet are often ordinary computers sitting on desktops in homes and offices around the world. Attackers typically will install a bot on these systems by exploiting vulnerabilities in software or by using social engineering tactics to trick users into installing the malware. Users are often unaware that their computers are being used for malicious purposes.    

Bots are designed to operate in the background, often without any visible evidence of their existence. Victims who detect suspicious activity on their computers are likely to take steps to find and fix the problem, perhaps by running an on-demand malware scan or by updating the signature files for their existing real-time malware protection. Depending on the nature of the bot, the attacker might have as much control over the victim’s computer as the victim has, or in some cases more. Botnets have many uses, including spamming, phishing, denial-of-service attacks, installing malware, click fraud, stealing confidential data, distributing malware and more.

How to clean your system
For information on how to help clean this threat from your system, visit

To help strengthen your computer’s defenses against bots, it is important to implement security fundamentals such as installing antivirus from a trusted source, keeping all software on your computer up to date, and using strong passwords. More guidance can be found here

For more information on the ZeroAccess botnet disruption, I encourage you to check out this blog post from our Digital Crimes Unit. 

Tim Rains
Trustworthy Computing



