The ZeroAccess rootkit is one of the most notorious rootkits in use today. Also known as Smiscer or Max++, Symantec estimates it has infected at least 250,000 PCs worldwide. Sold through criminal networks as a tool to install malicious payloads onto target systems, this version is being used to push fake anti-virus software that tries to con end users into paying $70 to remove "virus infections". Just a 10% response rate on 250,000 infections would be worth $1.75m. This is big business.
What makes it so dangerous is its ability to hide itself: from the user, from anti-virus software and from forensic analysis. It is designed to be both undetectable and unremovable without causing serious damage to the host OS. It can even survive an OS partition deletion and re-installation.
For the first time this rootkit has been successfully reverse engineered and its internal operation understood.
All the gory details can be found here.
Warning: Heavy technical content and lots and lots of assembly code.