
Trojan:Win32/Sirefef.O


First posted on 29 November 2011.
Source: SecurityHome

Aliases:

Trojan:Win32/Sirefef.O is also known as Zero Access rootkit (other), Win-Trojan/Zaccess.816 (AhnLab), BackDoor.Maxplus.24 (Dr.Web), Win32/Sirefef.CT (ESET), Backdoor.Win32.ZAccess.ob (Kaspersky), ZeroAccess.a (McAfee), Troj/ZAccess-I (other), Trojan.Zeroaccess (Symantec), TROJ_FAKEAL.K (Trend Micro).

Explanation:

Trojan:Win32/Sirefef.O is a trojan component of the Win32/Sirefef family, and is installed by variants of TrojanDropper:Win32/Sirefef. The trojan provides functionality for other installed Win32/Sirefef rootkit components.



Trojan:Win32/Sirefef.O is a trojan component of the Win32/Sirefef family and provides functionality for other installed Win32/Sirefef rootkit components.



Installation

Trojan:Win32/Sirefef.O is installed by variants of TrojanDropper:Win32/Sirefef and is commonly less than 1 KB in size. The trojan is capable of controlling access to a device object created by the main rootkit, which has the following name:

  • \??\ACPI#PNP0303#2&da1a3ff&0


The above object is used as storage by the rootkit to hide other component files.
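As an added defender-side check (this script is not part of the original analysis), the Python below probes from user mode for the device object named above by attempting to open it with CreateFileW. It assumes that an object under the `\??` directory is reachable from Win32 as `\\.\<name>`, and, because the text says the trojan controls access to the object, it treats an access-denied result as evidence that the object exists rather than as a clean result.

```python
"""Probe for the Sirefef device object named on this page (added example)."""
import ctypes
import sys

# Device object name exactly as listed on the page, with the \?? prefix dropped
# because Win32's \\.\ prefix resolves into that same object directory.
SIREFEF_DEVICE = r"ACPI#PNP0303#2&da1a3ff&0"

GENERIC_READ = 0x80000000
FILE_SHARE_READ_WRITE = 0x3
OPEN_EXISTING = 3
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
ERROR_FILE_NOT_FOUND = 2
ERROR_PATH_NOT_FOUND = 3
ERROR_ACCESS_DENIED = 5


def classify(opened: bool, last_error: int) -> str:
    """Turn a CreateFileW outcome into a verdict.

    Only a not-found error clears the host: the trojan gates access to the
    object, so a denied open still means the object is there.
    """
    if opened:
        return "present"
    if last_error in (ERROR_FILE_NOT_FOUND, ERROR_PATH_NOT_FOUND):
        return "absent"
    if last_error == ERROR_ACCESS_DENIED:
        return "present-access-denied"
    return f"unknown (Win32 error {last_error})"


def probe_device(name: str = SIREFEF_DEVICE) -> str:
    r"""Try to open \\.\<name>; returns a classify() verdict, or 'unsupported' off Windows."""
    if sys.platform != "win32":
        return "unsupported"
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p]
    handle = k32.CreateFileW("\\\\.\\" + name, GENERIC_READ, FILE_SHARE_READ_WRITE,
                             None, OPEN_EXISTING, 0, None)
    err = ctypes.get_last_error()
    opened = handle != INVALID_HANDLE_VALUE
    if opened:
        k32.CloseHandle(ctypes.c_void_p(handle))
    return classify(opened, err)


if __name__ == "__main__":
    print(probe_device())
```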

Additional information

The presence of Trojan:Win32/Sirefef.O is an indication that the computer may be infected with other Sirefef rootkit components, such as Virus:Win32/Sirefef.M.



Analysis by Zarestel Ferrer

Last update 29 November 2011
