Fortinet: ZeroAccess Botnet Was Leading Threat in Q1 2013
The company says almost 3 million unique IP addresses are currently reporting infections.
Fortinet's threat landscape research team recently announced that the ZeroAccess Bitcoin mining botnet was the leading threat worldwide for the period of January 1 to March 31, 2013.
"In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control," Richard Henderson, security strategist and threat researcher for Fortinet’s FortiGuard Labs, said in a statement. "In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates."
Henderson said the recent surge in the value of Bitcoins means that the ZeroAccess botnet has likely earned its operators several million dollars. "As Bitcoin's popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market," he said.
Fortinet says it has seen "virtually linear" growth in new infections since the company began actively monitoring ZeroAccess in August of last year. The company is currently seeing 100,000 new infections per week, with almost 3 million unique IP addresses reporting infections.
Separate from its Bitcoin mining activities, the researchers estimate that the botnet may be generating its owners as much as $100,000 per day in fraudulent advertising revenue alone.
And while Bitcoin exchange Mt.Gox was recently hit by an ongoing DDoS attack aimed at destabilizing the currency and/or profiting from price swings, Fortinet reports that ZeroAccess doesn't currently appear to have DDoS functionality. "This suggests other botnet owners are attempting to profit from fluctuations in the Bitcoin currency," the company states.