The ZeroAccess Rootkit Trojan

Facebook logo Twitter logo

California, (NOVEMBER, 2012) –The ZeroAccess Rootkit Trojan is the latest rootkit virus to gain widespread infiltration into a huge number of computers. While traditional viruses attempt to infect and destroy as many computers in their path before they’re stopped by anti-virus software, rootkits aim to keep your system working but under the control of an outside party. They typically give a remote user administrative power, allowing them to manipulate files and maintain control of your system.

Once your system is controlled by the administrator of the rootkit, he can cause it to execute actions. Your system becomes a “botnet,” or “zombie” computer, assisting the culprits to perform fraudulent acts, downloading additional malware and opening software back doors for hackers to enter. Since rootkits execute at the same privilege level as anti-malware software, they’re harder to remove – your computer can’t decide which program should have greater authority to shut down the other.

According to James Wyke, Senior Threat Researcher for SophosLabs, The ZeroAccess Rootkit Trojan and its nine known variants has been installed over 9 million times. Its resultant “botnet” is comprised of approximately 1 million zombie machines, generating huge profits for their masters. In his Technical Paper, “The Zero Access Botnet – Mining and Fraud for Massive Financial Gain,” Mr. Wyke calls ZeroAccess “one of the biggest threats on the Internet.”

Distribution:

There are two primary ways this virus is distributed. The first is through something called a Blackhole exploit kit. Through a compromised website or a spammed email, the victim is directed to the hacker’s landing page. Ad servers are prime targets for this type of corruption because their high traffic leads to widespread infection. The bad web page contains a JavaScript that scans your computer for vulnerabilities. If they’re found, the virus silently downloads into the background workings of the computer and begins to take over.

The second method of distribution is through social engineering. The victim is convinced to run an executable file because they’re attempting to obtain a piece of illicit software, bypass copyright protections, etc. For example, one lure the ZeroAccess creators have used in the past is an illegal copy of a popular game called Skyrim. The user attempts to download it, is prompted to open a Zip file, and the virus is installed, essentially with the user’s permission.

The Benefit to Hackers:

Initially, victims notice that computer processing slows to a crawl. Internet searches are re-directed to unrelated sites and pop-ups appear much more frequently during web browsing. Advanced forms of the virus have even been linked to information mining and financial fraud, with hackers gaining access to your personal information and performing identity theft.

According to SophosLab’s research, hackers will pay up to $500 for every 1000 infected U.S. systems that a rootkit administrator can prove they’ve added to their botnet.

Defend yourself before you’re infected

Make sure all your browsers, plug-ins and operating systems are updated with the latest version of software. Out-of-date Firefox, Internet Explorer and Google Chrome, in addition to Adobe Flash, Acrobat and Java are prime targets of Blackhole exploit kits. Don’t give in to the temptation of downloading illegal software through sharing and torrent sites. Keep your anti-malware software current and run it often. Regular backups of your data and applications will allow you to more easily perform a re-format/re-install of your operating system if you become infected and are unable to remove the virus through conventional methods.

If you suspect you may be infected, contact a computer repair professional as quickly as possible. Not only does this virus open doors for other malware to enter your system un-detected, but removal is extremely difficult. It is known to leave behind portions of itself and continue to haunt your computer if not removed properly.

About The Author: Andrea Andrea Eldridge is CEO and co-founder of Nerds On Call, a computer repair company that specializes in on-site and online service for homes and businesses. Andrea is the writer of a weekly column, Nerd Chick Adventures in The Record Searchlight. She prepares TV segments for and appears regularly on CBS, CW and FOX on shows such as Good Day Sacramento, More Good Day Portland, and CBS 13 News, offering viewers technology and lifestyle tips. See Andrea in action at callnerds.com/andrea/.

About Nerds On Call: Established in a spare room in Redding, Calif., in March 2004, Nerds On Call offers on-site computer and laptop repair services to consumers and businesses. Nerds On Call provides trouble-shooting for PCs and Macs, home and office networks, printers, iPods® and MP3 players, handheld devices and cell phones, home theaters and game systems, and virtually every other form of digital entertainment. In 2009, 2010, & 2011 the company was named to Inc. magazine’s list of 5000 fastest growing private companies. With 7 locations across California and Oregon, Nerds On Call serves more than 40,000 satisfied customers per year. For more information, visit callnerds.com or call 1-800-919-NERD.

Photo used by permission: Brett Jordan