The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules

Abstract

ZeroAccess is a large, sophisticated botnet whose modular design allows new modules to be downloaded on demand. Typically each module corresponds to a particular scam used to monetize the platform. However, while the structure and behavior of the ZeroAccess platform are increasingly well understood, the same cannot be said about the operation of these modules. In this report, we fill in some of these gaps by analyzing the auto-clicking and search-hijacking modules that drive most of ZeroAccess's revenue creation. Using a combination of code analysis and empirical measurement, we document the distinct command and control protocols used by each module, the infrastructure they use, and how they operate to defraud online advertisers.

Document Details

Document Type: Technical Report
Publication Date: Dec 16, 2013
Accession Number: ADA603812

Entities

People

  • Chris Grier
  • Damon McCoy
  • Geoffrey M. Voelker
  • Paul Pearce
  • Stefan Savage
  • Vacha Dave
  • Vern Paxson

Organizations

  • University of California, Berkeley

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Algorithms
  • Coding
  • Command And Control
  • Computer Science
  • Computers
  • Cryptography
  • Decoding
  • Electronic Mail
  • Engineering
  • Geographic Regions
  • Infrastructure
  • Intellectual Property
  • Malware
  • Operating Systems
  • Platforms
  • Reverse Engineering
  • Web Browsers

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Database Systems and Applications
  • Rehabilitation and Prosthetic Care for Military Service Members and Veterans with Limb Loss or Disability.

Technology Areas

  • Fully Networked C3