ZeroAccess

From Botnets.fr

(Botnet)

ZeroAccess
Alias: Smiscer, Sirefef, Zaccess
Group: Downloading
Target: Microsoft Windows
Distribution vector: Phoenix
CCProtocol: HTTP (Centralized), P2P (Decentralized)

Introduction

Features


Associated images

Checksums / AV databases

Publications

Title | Author | Editor | Year
Cracking the encrypted C&C protocol of the ZeroAccess botnet | John Morris | Virus Bulletin | 2012
Detecting extended attributes (ZeroAccess) and other Frankenstein’s monsters with HMFT | | Hexacorn | 2013
Have we seen the end of the ZeroAccess botnet? | James Wyke | Sophos Labs | 2014
Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | James Wyke | Sophos Labs | 2012
Over 9 million PCs infected - ZeroAccess botnet uncovered | James Wyke | Sophos Labs | 2012
Panda Security uncovers bot-killing malware | Brian Prince | Wired Business Media | 2012
Rovnix Reloaded: new step of evolution | David Harley, Aleksandr Matrosov, Eugene Rodionov | ESET | 2012
Step-by-step reverse engineering malware: ZeroAccess / Max++ / Smiscer crimeware rootkit | Giuseppe Bonfa | Infosec Institute | 2010
TDL4 reloaded: Purple Haze all in my brain | David Harley, Aleksandr Matrosov, Eugene Rodionov | ESET | 2012
The ZeroAccess botnet revealed | Aditya Balapure | Infosec Institute | 2013
The ZeroAccess botnet: mining and fraud for massive financial gain | James Wyke | Sophos Labs | 2012
The ZeroAccess rootkit | James Wyke | Sophos | 2012
Trojan.ZeroAccess infection analysis | Sean Hittel, Rong Zhou | Symantec | 2012
ZACCESS/SIREFEF arrives with new infection technique | Manuel Gatbunton | Trend Micro | 2012
ZeroAccess - new steps in evolution | Artem I. Baranov | Artem Baranov | 2012
ZeroAccess anti-debug uses debugger | Joshua Cannell | Malwarebytes | 2013
ZeroAccess rootkit launched by signed installers | Kevin Beets, Peter Szor | McAfee | 2011
ZeroAccess's way of self-deletion | Wayne | F-Secure | 2012
ZeroAccess: code injection chronicles | Aleksandr Matrosov | ESET | 2012