What is the ZeroAccess rootkit?
The ZeroAccess rootkit is malware that infects a computer silently, turns the system into a bot, and exploits the infected computer for malicious purposes. It can corrupt devices like TVs, printers, mobiles, tablets, etc, and is considered to be a high-security risk.
ZeroAccess Rootkit was first discovered in 2011 and since then, it infected and still infects millions of systems.
How does the ZeroAccess rootkit infect a computer?
A ZeroAccess rootkit typically infects a system in stages. The attackers first keep a series of malicious PHP scripts on a server controlled by the attackers. And they use various techniques to trick an innocent user into visiting that website.
Attackers may send the victim an email containing a malicious link to their website and deceive the victim into clicking on the link using social engineering techniques. The attackers may even compromise a legitimate website and then redirect the traffic of the legitimate website to their malicious website.
When a victim visits the malicious website, the malicious PHP scripts exploit security vulnerabilities of the commonly used software present in the victim’s machine, for example, Internet Explorer, Adobe Flash, Adobe Acrobat, Java, etc, and start infecting the machine.
Sometimes, the attackers may even hide the malicious scripts within legitimate-looking software or with a crack and keygen of software and place them in a torrent file. When the victim tries to install the software, the ZeroAccess rootkit starts infecting the victim’s system silently.
After infecting a computer, the ZeroAccess rootkit starts its installation. It first ascertains whether the infected system is a 32-bit or a 64-bit system. Depending on that information, the installation scripts start executing.
The malware escalates its privileges on the victim’s machine so that it can get administrative privileges of the machine and exploit that for malicious purposes. It even lowers the security of the system by disabling firewalls and a few other services of the system.
The purpose of the ZeroAccess rootkit
After infecting a system successfully, the ZeroAccess rootkit turns the system into a bot and starts exploiting the computational resources of the system for malicious purposes.
This malware mostly uses a ZeroAccess botnet for the purpose of click fraud and bitcoin mining. In a click fraud, the botnet simulates clicks on website advertisements that are paid for on a pay …
0 Comments