MALWARE FAMILY

ZeroAccess

Internal ID: win.zeroaccess
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

ZeroAccess is a modular botnet that was primarily active around 2012. It has been observed selling fake antivirus software to infected users, performing click fraud and deploying bitcoin miners.

It utilizes both peer-to-peer networking and a centralized C&C, spoofing the HTTP Host header with fake DGA-generated domains to confuse researchers.

While there is no evidence that the DGA-generated domains were ever intentionally contacted by the malware, faulty middleboxes still caused some requests to be sent to the DGA domains.

Threat Analysis

ZeroAccess is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.zeroaccess

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.