APT / THREAT GROUP

ZeroAccess

6 aliases
Last seen: Mar 17, 2026

Intelligence Profile

ZeroAccess is a modular botnet that was primarily active around 2012. It has been observed selling fake antivirus software to infected users, performing click fraud and deploying bitcoin miners.

It utilizes both peer-to-peer networking and a centralized C&C, spoofing the HTTP Host header with fake DGA-generated domains to confuse researchers.

While there is no evidence that the DGA-generated domains were ever intentionally contacted by the malware, faulty middleboxes still caused some requests to be sent to the DGA domains.

Threat Analysis

ZeroAccess is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 6

Also Known As

ZeroAccess, Max++, Smiscer, Sirefef, win.zeroaccess, ZAccess

External Intelligence

Malpedia: win.zeroaccess

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.