ZeroAccess

Name of Malware: ZeroAccess (Sirefef, MaxPlus)

Type of Malware: Miner, click fraud, adware

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: medium

What is ZeroAccess?

ZeroAccess is an innocent-looking but damaging computer program. The malware takes complete control of the operating system using a number of malicious tools. This all happens without the user's consent. The two main tasks of ZeroAccess are bitcoin mining and simulating clicks on advertising banners that generate profit on a pay-per-click basis. This activity is referred to as click fraud.

How did I get infected with ZeroAccess?

ZeroAccess infections can be acquired from websites that have been hacked by criminals. The attackers hide malicious scripts on these websites. When a user visits such a website, the scripts download and install the malware without the user's consent.

Another potential route of infection is opening a malicious e-mail attachment. The malware is hidden in a file that appears harmless. The text of the e-mail convinces the recipient to open the attachment. There are also variants of ZeroAccess that are installed after the victim system has been infected with other malware families, such as Necurs.

What do I have to do now?

As the malware takes full control of the system and often hides your files, you may need to reformat/reinstall your operating system.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.