We know a lot about the effects of malicious programs like rootkits and Trojan downloaders. The job of finding out exactly how the programs work, however, is painstaking. That's because most malware authors worth their salt take steps to make their creations hard to understand: code obfuscation and anti-debugging are common features of most sophisticated modern malware. With patience and endurance, however, researchers are often able to pierce the veil anyway.

That was the case this week, when researcher Giuseppe Bonfa published a detailed analysis of a ubiquitous and very complex piece of malware known as ZeroAccess. Bonfa made his research public in a four-part series that analyzes various aspects of ZeroAccess, including the rootkit's criminal origins and the various tools it uses to maintain a hold on computers it infects - even after the operating system on those machines has been completely removed and reinstalled.

More: http://threatpost.com/en_us/blogs/image-day-dissecting-zeroaccess-crimeware-111510