NEWS FROM THE LAB - Thursday, September 20, 2012

The United States of ZeroAccess
Posted by Sean @ 12:41 GMT

Monday's post included a screenshot of the ZeroAccess botnet as visualized in Google Earth. Well, we've finished cleaning up the KML file, which now includes 139,447 bot locations based on IP addresses associated with approximately 2,600 samples.

ZeroAccess is a very large botnet and there are millions of infections globally.

Here's the USA:

ZeroAccess, USA

Here's Europe:

ZeroAccess, Europe

And here's a zip file (1.8MB) containing the csv/kml files so you can examine the data for yourself.

Analysis and data extraction by — Marko and Wayne