The ZeroAccess rootkit
(Publication)
Field | Value
---|---
Botnet | ZeroAccess
Malware | ZeroAccess (bot)
Botnet/malware group |
Exploit kits |
Services |
Feature |
Distribution vector |
Target |
Origin |
Campaign |
Operation/Working group |
Vulnerability |
CCProtocol | DGA
Date | 2012
Editor/Conference | Sophos
Link | http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess.aspx (archive copy available at www.sophos.com)
Author | James Wyke
Type |
Abstract
“ZeroAccess is a sophisticated kernel-mode rootkit that is rapidly becoming one of the most widespread threats in the current malware ecosystem. ZeroAccess’ ability to run on both 32-bit and 64-bit versions of Windows, resilient peer-to-peer command and control infrastructure and constant updates to its functionality over time show that ZeroAccess is a modern threat capable of thriving on modern networks and modern Operating Systems. In this paper we will explore the ZeroAccess threat; from the distribution mechanisms used to spread it, through the installation procedure, memory residence and payload. We examine how ZeroAccess works and what its ultimate goal is.”
Bibtex
@misc{2012BFR986,
  editor = {Sophos},
  author = {James Wyke},
  title = {The ZeroAccess rootkit},
  date = {02},
  month = May,
  year = {2012},
  howpublished = {\url{http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess.aspx}},
}