ZeroAccess, also known as max++ and Sirefef, is a trojan horse that affects Microsoft Windows operating systems. It is used to download other malware onto an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on the system using rootkit techniques.[1][2]

History and propagation

The ZeroAccess botnet was originally discovered around July 2011.[1] The ZeroAccess rootkit responsible for spreading the botnet is estimated to have been present on at least 9 million systems.[3] Estimates of the current size of the botnet vary across sources. Antivirus vendor Sophos estimates the current botnet size at around 1 million active, infected machines, while security firm Kindsight places the estimate at 2.2 million infected and active systems.[4][5]

The botnet itself is spread by the ZeroAccess rootkit through a variety of attack vectors. The first is a form of social engineering in which a user is expected to run an executable willingly, either because it masquerades as a legitimate piece of software or because it is packed alongside an executable used for bypassing copyright protection (such as a keygen). The second attack vector uses advertising networks to get a user to click on an advertisement that, in turn, redirects them to a site hosting the malicious software itself. A third infection vector is an affiliate scheme in which third parties are paid a set amount of cash for each successful installation of the rootkit on a system.[6][7]

Operation

Once a system has been infected with the ZeroAccess rootkit, it will start one of the two main botnet operations: Bitcoin mining or click fraud. The machines involved in Bitcoin mining generate Bitcoins for the botnet's owner, with an estimated value of 2.7 million US dollars a year.[8] The machines used for click fraud simulate clicks on website advertisements, which are often operated on a pay-per-click basis. The estimated profit from this activity may be as high as 100,000 US dollars a day,[2][9] while costing advertisers a total of 900,000 US dollars a day in fraudulent clicks.[10]
