ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.
Here at SophosLabs we have looked at previous incarnations of the ZeroAccess rootkit in depth, describing how it enslaves victim PCs, adding them to a peer-to-peer botnet which can receive commands to download further malware.
Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory.
Due to the continued high profile of this malware family, we felt it was necessary to examine the threat in greater detail, covering not only the latest version of ZeroAccess but also the ZeroAccess botnet as a whole.
SophosLabs researchers can reveal that the current version of ZeroAccess has been installed on computers over nine million times, with the current number of active infected PCs at around one million.