Security Vulnerabilities

ZeroAccess Trojan

ZeroAccess is a stealthy trojan that has been infecting Microsoft Windows systems since at least 2011.

ZeroAccess is used to download other malware onto an affected host using a botnet that had previously been associated with Bitcoin mining and click fraud. It is designed to remain undetected on targeted systems using rootkit techniques.

Upon initial infection, ZeroAccess overwrites the Windows core system files and installs kernel hooks in an attempt to remain stealthy.

The primary purpose of the malware appears to be revenue generation through pay-per-click advertising. However, a back door is installed to allow connections to a command and control server. This provides a remote attacker with full access to the compromised system.

Affected Platforms: Microsoft Windows – all versions




Ensure that:

  • a robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
  • all operating systems, applications, antivirus and other security products are kept up to date.
  • all day-to-day computer activities such as email and internet are performed using non-administrative accounts and that permissions are always assigned on the basis of least privilege.
  • your organisation adopts a holistic, all-round approach to Cyber Security as advocated by the 10 Steps To Cyber Security.

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
