An extremely detailed new analysis of the ZeroAccess rootkit takes the rootkit apart bit by bit and shows the tactics that it uses to infect new machines. The rootkit is a particularly nasty and intractable one, and has the ability inject itself into various device drivers and processes and sits at the lowest level of the software stack. ZeroAccess is being used as a platform for installing other malicious software on infected PCs and is part of a scheme to install rogue AV programs and solicit payments for removal.
Source: https://threatpost.com/dissecting-zeroaccess-rootkit-111810/74686/