So scary, is it Doomsday and Armageddon all-in-one?

by mnd.ctrl

The ZeroAccess Rootkit Trojan is the latest rootkit virus to gain widespread infiltration into a huge number of computers. While traditional viruses attempt to infect and destroy as many computers in their path before they’re stopped by anti-virus software, rootkits aim to keep your system working but under the control of an outside party. They typically give a remote user administrative power, allowing them to manipulate files and maintain control of your system…

Once your system is controlled by the administrator of the rootkit, he can cause it to execute actions. Your system becomes a “botnet,” or “zombie” computer, assisting the culprits to perform fraudulent acts, downloading additional malware and opening software back doors for hackers to enter. Since rootkits execute at the same privilege level as anti-malware software, they’re harder to remove – your computer can’t decide which program should have greater authority to shut down the other.

According to James Wyke, Senior Threat Researcher for SophosLabs, The ZeroAccess Rootkit Trojan and its nine known variants has been installed over 9 million times. Its resultant “botnet” is comprised of approximately 1 million zombie machines, generating huge profits for their masters. In his Technical Paper, “The Zero Access Botnet – Mining and Fraud for Massive Financial Gain,” Mr. Wyke calls ZeroAccess “one of the biggest threats on the Internet.”

There are two primary ways this virus is distributed. The first is through something called a Blackhole exploit kit. Through a compromised website or a spammed email, the victim is directed to the hacker’s landing page. Ad servers are prime targets for this type of corruption because their high traffic leads to widespread infection. The bad web page contains a JavaScript that scans your computer for vulnerabilities. If they’re found, the virus silently downloads into the background workings of the computer and begins to take over.

The second method of distribution is through social engineering. The victim is convinced to run an executable file because they’re attempting to obtain a piece of illicit software, bypass copyright protections, etc. For example, one lure the ZeroAccess creators have used in the past is an illegal copy of a popular game called Skyrim. The user attempts to download it, is prompted to open a Zip file, and the virus is installed, essentially with the user’s permission.

Initially, victims notice that their computer slows to a crawl. Internet searches are re-directed to unrelated sites and pop-ups appear much more frequently during web browsing. Advanced forms of the virus have even been linked to information mining and financial fraud, with hackers gaining access to your personal information and performing identity theft.

According to SophosLab’s research, hackers will pay up to $500 for every 1000 infected U.S. systems that a rootkit administrator can prove they’ve added to their botnet.

What to do?

Defend yourself before you’re infected. Make sure all your browsers, plug-ins and operating systems are updated with the latest version of software. Out-of-date Firefox, Internet Explorer and Google Chrome, in addition to Adobe Flash, Acrobat and Java are prime targets of Blackhole exploit kits. Don’t give in to the temptation of downloading illegal software through sharing and torrent sites. Keep your anti-malware software current and run it often. Regular backups of your data and applications will allow you to more easily perform a re-format/re-install of your operating system if you become infected and are unable to remove the virus through conventional methods.

If you suspect you may be infected, contact a computer repair professional as quickly as possible. Not only does this virus open doors for other malware to enter your system un-detected, but removal is extremely difficult. It is known to leave behind portions of itself and continue to haunt your computer if not removed properly.