ZeroAccess: code injection chronicles
Jump to navigation
Jump to search
(Publication) Google search: [1]
| ZeroAccess: code injection chronicles | |
|---|---|
| |
| Botnet | ZeroAccess |
| Malware | ZeroAccess_(bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / June 26, 2012 |
| Editor/Conference | ESET |
| Link | http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles blog.eset.com (blog.eset.com Archive copy) |
| Author | Aleksandr Matrosov |
| Type | |
Abstract
“ At the end of spring 2012, the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess) was updated. We start tracking the first updated samples at the beginning of May when a new affiliation program started for the distribution of a new ZeroAccess version. The updated version of Sirefef doesn't use kernel-mode drivers, as was done previously, and doesn’t have hidden file storage. The affiliation program substitutes its own choices for the results of popular search engines as a means of monetization.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1056,
editor = {ESET},
author = {Aleksandr Matrosov},
title = {ZeroAccess: code injection chronicles},
date = {26},
month = Jun,
year = {2012},
howpublished = {\url{http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles blog.eset.com}},
}