In recent months, we’ve seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.
It creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive.
Original article at The Hacker News