The ZeroAccess botnet revealed

From Botnets.fr


Botnet: ZeroAccess
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2013-07-01
Editor/Conference: Infosec Institute
Link: http://resources.infosecinstitute.com/the-zeroaccess-botnet-revealed/ (archive copy available)
Author: Aditya Balapure
Type: Blogpost

Abstract

The ZeroAccess botnet is built on a specialised Trojan horse that infects Windows operating systems and downloads further malware onto the infected machine in order to enrol it in a botnet. Read about how we reverse-engineered the ZeroAccess Trojan here. According to Symantec's analysis, the Trojan uses an advanced rootkit to hide itself. To build its botnet, the Trojan creates its own hidden file system, downloads additional malware from the network it is connected to, and opens a back door on the compromised system. The attacker can then perform whatever actions they require, and the victim's system becomes part of the botnet. The name ZeroAccess was coined because a string in the kernel driver code points to the original project folder, ZeroAccess. It is also code-named max++ because of its ability to create a kernel object named __max++>.

Bibtex

 @misc{2013BFR1350,
   editor = {Infosec Institute},
   author = {Aditya Balapure},
   title = {The ZeroAccess botnet revealed},
   day = {01},
   month = jul,
   year = {2013},
   howpublished = {\url{http://resources.infosecinstitute.com/the-zeroaccess-botnet-revealed/}},
 }