The Dell SecureWorks Counter Threat Unit (CTU) research team observed the ZeroAccess botnet resumes again with click-fraud activity. The name ZeroAccess derives from a string found in the kernel driver code that is pointing to the original project folder called ZeroAccess. The majority of computers ZeroAccess has infected have been located in the U.S. and Western Europe. The threat actors behind ZeroAccess have not attempted to expand the botnet with new compromises following the December 2013 disruption.”]
Source: http://securityaffairs.co/wordpress/32849/cyber-crime/zeroaccess-botnet-reloaded.html