InfoSec Institute staff have uncovered a vulnerability in the ZeroAccess Rootkit, a powerful malware tool that allows hackers to carry out targeted attacks and steal a wide array of data.
ZeroAccess has been spreading through bogus scareware tactics that use pop-up alerts to coax unwitting internet users to download the malicious code by offering to conduct a free security scan of the victim's computer.
Though the maleware is not as prevalent as other threats, it has caught the attention of security pros because it is quite sophisticated, very difficult to detect, and nearly impossible to remove without damaging the infected operating system.
ZeroAccess acts as a conduit to download and execute other malware designed to accomplish specific tasks, acting as a gateway mechanism for the rapid distribution of other exploits, explains the Infosec Institute's Jack Koziol:
ZeroAccess by itself doesn’t do any data collection or active damage to the host. It is a platform that cyber-criminals can use to install whatever crimeware they are pushing that day, said Koziol. If the "flavor of the month" is to steal financial data, the criminals can start distributing the Zeus Trojan to compromised boxes.
The malware has been traced to sites controlled by the infamous Russian Business Network, a wildly successful cyber criminal organization.
The weaknesses identified would disable ZeroAccess's ability to run undetected.