Microsoft Curbs Click-Fraud in ZeroAccess Fight

Microsoft observed a precipitous drop-off in click-traffic on its “extended publishing network,” which the company claims reflects a similar drop-off in click-fraud resulting from the actions it has taken to stymie ZeroAccess, according to Microsoft Malware Protection Center researchers Tommy Blizard and Nikola Livic.

Microsoft said actions it has taken to stymie the ZeroAccess malware have resulted in a drop-off in click-fraud traffic. Microsoft Malware Protection Center researchers Tommy Blizard and Nikola Livic made the observation based on a precipitous drop-off in click-traffic on Microsoft’s extended publishing network.

ZeroAccess, or Sirefef as Microsoft likes to call it, is a malware platform built to receive and run malware modules, two of which make the majority of their money through click-fraud scams and Bitcoin theft.

The Microsoft ad network is divided into two areas: owned and operated publishers such as Bing and Yahoo, and the extended publishing network. The extended publishing network consists of a series of publishers who have agreements with Microsoft. Those publishers also have agreements with other ad publishers, who themselves have agreements with still other publishers, and so on. The result is a web that spirals and expands outward, is susceptible to click-fraud, and generates what Microsoft calls “low-quality traffic,” or click-frauded traffic.

Microsoft believes that its efforts to block ZeroAccess are causing a serious decline in this “low-quality traffic,” which is reflected in the overall numbers of the extended publishing network.

From February, when Microsoft added ZeroAccess to its malware signature detection system, to March 2013, Microsoft researchers observed 640 million installation attempts and cleaned some 500,000 machines of the virus.


Click-fraud is, per Microsoft’s explanation, “…the deliberate misappropriation of ad revenue by generating online clicks that don’t originate from a potential customer or the rightful publisher. Click-fraud is lucrative and a relatively easy way for cyber criminals to monetize their malware and/or launder ill-gotten revenues.”

It’s not just the victims of ZeroAccess that pay the price, Blizard and Livic explain:

“The advertisers who are paying for clicks which are never generated by potential customers are also affected,” they say. “And this lost revenue is passed on to you, the customer. When you buy a product whose ad budget is being stolen, you fractionally bear this cost.”

Bitcoin is a form of digital currency. It has been scrutinized and criticized because it is widely used by cybercriminals, though its proponents claim it is used just as or more commonly for legitimate purposes. Secure storage of Bitcoin has presented problems for Bitcoin trading platforms, which have been the victims of numerous attacks since the electronic cash’s inception.
