Unlike Flame and Stuxnet, the ZeroAccess botnet is not that famous, but it may be even more harmful than the former two, owing to the fact that it continues to infect over 9 million PCs.

According to our observation and research, the botnet is not run over the usual IRC or HTTP protocols; instead, ZeroAccess connects to a P2P botnet. The peer-to-peer protocol used by the latest version of ZeroAccess contains only a few commands and is designed to spread files and IP addresses across the network quickly. It is encrypted to avoid easy detection, and a number of measures are taken to prevent the network from being poisoned or taken over.

AegisLab already has Anti-Virus and IDP signatures to detect most of the instances and call-home behavior. We urge our customers to keep Anti-Virus and IDP signatures up to date.