A new study of the ZeroAccess rootkit, believed to have infected 2.2 million home networks worldwide at the end of last year, has demonstrated that it continues to evolve, with new techniques to evade detection and hinder removal.
ZeroAccess has long been pervasive. Kindsight Security Labs Malware Report for the end of last year estimated that 1 in every 125 US home networks were infected – it was effectively an advanced pervasive threat.
A new analysis by Sophos now demonstrates that its authors are continuing to modify and improve the malware. In particular, says James Wyke in the Naked Security blog, “The authors have pushed out another update and this time they are using some interesting techniques to ensure reboot persistence.”
Persistence, he explains, puts the ‘P’ in ‘APT’. “Simply put”, he says, “malware has persistence if it automatically reloads itself when you logoff and log back on, or when you reboot.” The advanced pervasive threat has become a genuine advanced persistent threat.