ZeroAccess rootkit launched by signed installers
ZeroAccess rootkit launched by signed installers | |
---|---|
Botnet | |
Malware | ZeroAccess |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / 21 November 2011 |
Editor/Conference | McAfee |
Link | http://blogs.mcafee.com/mcafee-labs/zeroaccess-rootkit-launched-by-signed-installers (Archive copy) |
Author | Kevin Beets, Peter Szor |
Type |
Abstract
Digital certificates and certificate authorities have been much in the news recently. Attacks–such as those used by Stuxnet, Duqu, and other malware–involving stolen certificates show an increasingly worrisome new security trend.
Certificate authorities have been targeted several times in the recent past with some success. There is a large chunk of known malware signed by apparently legitimate companies that appear to have authored malware, adware, and/or potentially unwanted programs. As a matter of fact, a very significant percentage of recent malware executables (as high as 5 percent) purport to be, or are, signed with some sort of certificate. Even in the case of mobile malware, signed executables have appeared because issuers have failed to see the malware in the files before approving them. This attention to certificates by malware authors seems to validate that they are indeed the “keys to the kingdom.”
Bibtex
@misc{2011BFR876,
  editor = {McAfee},
  author = {Kevin Beets and Peter Szor},
  title = {ZeroAccess rootkit launched by signed installers},
  date = {2011-11-21},
  month = nov,
  year = {2011},
  howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/zeroaccess-rootkit-launched-by-signed-installers}},
}