ZeroAccess's way of self-deletion

From Botnets.fr
Revision as of 16:26, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

ZeroAccess's way of self-deletion
ZeroAccess s way of self-deletion.png
Botnet ZeroAccess
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / June 13, 2012
Editor/Conference F-Secure
Link http://www.f-secure.com/weblog/archives/00002385.html www.f-secure.com (www.f-secure.com Archive copy)
Author Wayne
Type

Abstract

We normally see malware developing and evolving over the years. One particular malware we've been following is ZeroAccess, which has been continuously improving which we first detected it in late 2010. Case in point: in the latest samples, its self-deletion routine has changed.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1036,
   editor = {F-Secure},
   author = {Wayne},
   title = {ZeroAccess's way of self-deletion},
   date = {13},
   month = Jun,
   year = {2012},
   howpublished = {\url{http://www.f-secure.com/weblog/archives/00002385.html www.f-secure.com}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=ZeroAccess%27s_way_of_self-deletion&oldid=2274"