Showing posts from January 6, 2013

Revisiting the "ZeroAccess" rootkit and understanding why earlier variants continue to propagate on the Internet

Introduction

Welcome back! This week, I will be discussing the "ZeroAccess" rootkit: revisiting how it works, what can remove it, and why this piece of malware has seen a tremendous surge as of late, after having first been discovered in 2010. Briefly, the "ZeroAccess" rootkit is a "stealthy" piece of malware that usually installs itself via a "drive-by download" on the Internet (sometimes called "pharming" in the hacking world). Some of these websites contain JavaScript code written using what programmers refer to as "shellcode" to take advantage of zero-day exploits in either the web browser itself (something that has declined steadily over the last few years because of sandboxed apps like Google Chrome) or in Java and Adobe PDF. The exact "mechanism" is quite complicated and varies from machine to machine; generally, unpatched XP, Vista, or Windows 7 machines are the BIGGEST targets (XP espec