Malware you can "live with", but shouldn't
Posted on 06.05.2013
The main symptom of a computer being infected with the ZeroAccess (or Sirefef) malware is that online searches via Google Search often lead to unhelpful pages filled with ads and equally useless links. This generates revenue for the malware's controllers, but it's extremely irritating for the affected users.


But the malware's authors are clever. They know that many people will have no idea that their computers are infected if ZeroAccess' actions are kept to a minimum, and that those who do notice will take their time to do something about it because they can stand the inconvenience - for a while, at least.

ZeroAccess often gets installed on users' computers by the users themselves, who are tricked into believing they are installing a legitimate piece of software such as Adobe's Flash Player. The downloader delivered this way downloads the ZeroAccess malware and immediately starts hogging the CPU's resources.

"Since this is a rootkit, there are no toolbars/extensions/BHO’s added to the browser. There are also no modified proxy settings or modified hosts files. What is interesting about this rootkit sample is that the redirects do not happen every time. The action will occur about once every three attempts," points out Webroot's Richard Melick. "The number of redirects caps out around 4-5 and then everything will seem normal until a restart of the browser.

"This erratic action can make it extremely difficult to troubleshoot. It can also prove to be very frustrating for a user to explain as it is not consistent and once the redirection occurs enough times, the issue stops for the rest of the browsing session. We have seen instances where consumers have just been 'living with it' for months," he adds.

Luckily for the users, this type of infection is almost benign when compared with instances of information-stealing and banking malware.

Still, they shouldn't put up with it: it degrades the quality of their Internet use, it generates money for the controllers, which in turn motivates them to continue delivering the malware to unsuspecting victims, and the unhelpful search results could ultimately lead to more destructive malware or phishing pages.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.