Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode

From Botnets.fr
Revision as of 00:27, 23 September 2012 by Eric.freyssinet (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode
Botnet ZeroAccess
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 6 juin 2012
Editor/Conference Sophos Labs
Link http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/ nakedsecurity.sophos.com (nakedsecurity.sophos.com Archive copy)
Author James Wyke
Type

Abstract

SophosLabs has been monitoring a new strain of the infamous ZeroAccess rootkit that has been hitting the internet over the last few weeks.

ZeroAccess is a sophisticated kernel-mode rootkit that enslaves victim PCs, adding them to a peer-to-peer botnet from which they receive commands to download other malware. The rootkit has undergone several revisions since its inception but this new version represents a major shift in strategy.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1168,
   editor = {Sophos Labs},
   author = {James Wyke},
   title = {Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2012},
   howpublished = {\url{http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/ nakedsecurity.sophos.com}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=Major_shift_in_strategy_for_ZeroAccess_rootkit_malware,_as_it_shifts_to_user-mode&oldid=2545"