First posted on 23 June 2012.
Trojan:Win32/Sirefef.AK is also known as Win32/Sirefef.EU trojan (ESET), Trojan.Win32.Alureon (Ikarus), ZeroAccess.ep (McAfee), Mal/ZAccess-CA (Sophos), and TROJ_ALUREON.CYZ (Trend Micro).
Trojan:Win32/Sirefef.AK is a component of Win32/Sirefef, a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.
Trojan:Win32/Sirefef.AK is installed and run by other variants of Win32/Sirefef and may have the file name "80000032.@".
Trojan:Win32/Sirefef.AK provides two function calls for Win32/Sirefef:
These two functions are used to drop additional components onto the infected system, and to generate clicks for selected websites:
For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.
Analysis by Shali Hsieh
Last update 23 June 2012