Malware

ZeroAccess

aka Max++ · Sirefef · Smiscer · ZAccess

ZeroAccess is a modular botnet that was primarily active around 2012. It has been observed selling fake antivirus software to infected users, performing click fraud and deploying bitcoin miners. It uses both peer-to-peer networking and a centralized C&C, spoofing the HTTP Host header with fake DGA-generated domains to confuse researchers. While there is no evidence that the malware ever intentionally contacted the DGA-generated domains, faulty middleboxes still caused some requests to be sent to them.


Family metadata imported from Malpedia (Fraunhofer FKIE).