 #21594  by patriq
 Fri Dec 06, 2013 6:09 pm
frame4-mdpro wrote: "Disrupt" being the operative word here, and not much else.
Yes, exactly.

ZeroAccess operates on a P2P C&C infrastructure.

Not so easy to take down, since P2P is more resilient due to having many more C&C servers, and in some P2P botnets any one of the clients could potentially be a C&C (Gameover Zeus I believe does this; not sure about ZeroAccess).

ZeroAccess bots are built with an initial list of hosts to call and ask for updates, more nodes, commands, etc.
The sample e60a5f26dbde304410eae802919cbf71 (posted here earlier) still reaches out to 100+ IP addresses, many of which are still online and operational.

https://malwr.com/analysis/ZGI0YzRlYjJi ... ljZGViMmM/
(VT 8/48)

Good work MSFT. 8-)
 #21597  by markusg
 Fri Dec 06, 2013 7:37 pm
Microsoft and its partners do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. However, Microsoft expects that
this action will significantly disrupt the botnet’s operation. Microsoft is working with ecosystem partners around the world to notify people if their
And I think it also needs time to clean all the PCs Microsoft collects info about.