Malware you can "live with", but shouldn't
Posted on 06.05.2013
The main symptom of a computer being infected with the ZeroAccess (or Sirefef) malware is that online searches via Google Search often lead to unhelpful pages filled with ads and equally useless links. This generates revenue for the malware's controllers, but it's extremely irritating for the affected users.


But the malware's authors are clever. They know that if they keep ZeroAccess' activity to a minimum, many people will have no idea that their computers are infected, and those who do notice will take their time doing something about it because they can stand the inconvenience, for a while at least.

ZeroAccess often gets installed on users' computers by the users themselves, who are tricked into believing they are installing a legitimate piece of software such as Adobe's Flash Player. The downloader delivered this way fetches the ZeroAccess malware and immediately starts hogging the CPU's resources.

"Since this is a rootkit, there are no toolbars/extensions/BHOs added to the browser. There are also no modified proxy settings or modified hosts files. What is interesting about this rootkit sample is that the redirects do not happen every time. The action will occur about once every three attempts," points out Webroot's Richard Melick. "The number of redirects caps out around 4-5 and then everything will seem normal until a restart of the browser.

"This erratic action can make it extremely difficult to troubleshoot. It can also prove to be very frustrating for a user to explain as it is not consistent and once the redirection occurs enough times, the issue stops for the rest of the browsing session. We have seen instances where consumers have just been 'living with it' for months," he adds.

Luckily for the users, this type of infection is almost benign when compared with instances of information-stealing and banking malware.

Still, they shouldn't put up with it: it effectively degrades the quality of their Internet use, it generates money for the controllers, which in turn motivates them to continue delivering the malware to unsuspecting victims, and the unhelpful search results could ultimately lead to more destructive malware or phishing pages.








