The number of infected hosts in a Bitcoin mining botnet called ZeroAccess has continued to climb throughout the first quarter of year, researchers found.
Fortinet, a Sunnyvale, Calif.-based security firm, announced findings this week from its research labs FortiGuard, which showed that the ZeroAccess botnet was the top threat that its devices turned up between Jan. 1 and March 31.
In the first quarter, Fortinet researchers tracked 100,000 new infections per week worldwide, with a total of three million unique IP addresses reporting ZeroAccess infections.
The botnet is comprised of devices infected with the ZeroAccess trojan, which carries out click fraud, causing victims to unknowingly click ads that drive money to scammers.
The botnet can also instruct infected computers to conduct Bitcoin mining.
Bitcoins, which currently are valued at a volatile $120 each, are a form of virtual currency created in 2009 that can be transferred anonymously from person to person online, without going through a bank. They are accepted today by some online merchants and can be traded for actual dollars at online currency exchanges, such as MtGox.com.
Bitcoin mining is a tactic used to earn more of the currency by using computers' computational power and open-source software to complete mathematical puzzles that solve "blocks," or files that hold records of recent Bitcoin transactions that have not yet been recorded. Rewards of new Bitcoins are given for each block that is solved, thus making mining a far more cost-effective way to amass Bitcoins.
Richard Henderson, a security strategist at Fortinet, told SCMagazine.com on Wednesday that the ZeroAccess' authors were actively hiring outside groups to spread the malware.
“They are so confident that they are charging five times the going rate [for infections],” Henderson said. “They are paying them $500 per 1,000 infections. As soon as the [ZeroAccess] infection takes place, they are already paid. They must have a lot of money in the bank to do this, so they are making a lot off of the ZeroAccess botnet.”
Last September, research from Sophos showed that the ZeroAccess botnet owners were earning up to $100,000 a day from their Bitcoin and click-fraud scams. At that time, the botnet's size was estimated to be around one million machines, with more than 50 percent located in the United States.
Fortinet's research did not include a geographical breakdown of the botnet, but the firm did confirm that the network's earning power has remained as high as $100,000 a day.