ZeroAccess: code injection chronicles
| Field | Value |
|---|---|
| Botnet | ZeroAccess |
| Malware | ZeroAccess_(bot) |
| Date | 2012 / June 26, 2012 |
| Editor/Conference | ESET |
| Link | http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles |
| Author | Aleksandr Matrosov |
Abstract

“At the end of spring 2012, the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess) was updated. We started tracking the first updated samples at the beginning of May, when a new affiliation program started for the distribution of a new ZeroAccess version. The updated version of Sirefef doesn't use kernel-mode drivers, as was done previously, and doesn't have hidden file storage. The affiliation program substitutes its own choices for the results of popular search engines as a means of monetization.”
Bibtex

```bibtex
@misc{2012BFR1056,
  editor       = {ESET},
  author       = {Aleksandr Matrosov},
  title        = {ZeroAccess: code injection chronicles},
  date         = {26},
  month        = Jun,
  year         = {2012},
  howpublished = {\url{http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles}},
}
```