Ever Wondered What a Live Botnet Looks Like?

The idea of a network of malware-infected zombie computers rigged to do the bidding of criminals conjures up a frightening image on its own. A new visualization of the so-called ZeroAcess botnet shows how alarmingly widespread such schemes can become. 

Thanks to security firm F-Secure and Google Maps, we can see computers infected with ZeroAccess blanketing maps of both the U.S. and Western Europe. The botnet has been around for several years, evolving to evade antivirus software, according to another security firm, Sophos. And it’s been amassing its drone army the same basic way: once the malware is delivered, it connects the infected computer to a peer-to-peer network so it can receive commands to download more malware. The original pest is usually a trojan—a legitimate-looking file or helpful-looking program that fools users into downloading it.

Sophos reports that ZeroAccess malware has been installed around nine million times globally, and the firm estimates that the botnet currently comprises about a million active computers.The scheme is quite lucrative: if running at full capacity, the botnet can reportedly use click fraud and bitcoin mining to make up to $100,000 a day for its operators.