
Trojan:Win32/Sirefef.AL


First posted on 23 June 2012.
Source: Microsoft

Aliases:

Trojan:Win32/Sirefef.AL is also known as Rootkit.ZeroAccess.Gen.4 (VirusBuster), Trojan.Sirefef.FZ (BitDefender), Trojan.Win32.Sirefef (Ikarus), Trojan.Win32.Zapchast.acao (Kaspersky), ZeroAccess.eh (McAfee), Troj/Sirefef-AZ (Sophos), TROJ_SIREFEF.EM (Trend Micro).

Explanation:



Trojan:Win32/Sirefef.AL is a component of Win32/Sirefef, a multi-component malware family that interferes with your Internet use by altering search results and generating pay-per-click advertising revenue for its controllers. The family is made up of separate parts that each perform a different function, such as downloading updates and additional components, hiding the components already installed, or executing the payload.



Installation

Trojan:Win32/Sirefef.AL is installed and run by other variants of Win32/Sirefef and may have the file name "800000cb.@".



Payload

Trojan:Win32/Sirefef.AL provides two function calls for other Win32/Sirefef components; the one documented here is:

  • 800000cb_2

This function is used to monitor the system process "svchost.exe" and inject Win32/Sirefef into it.
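The two indicators this entry gives a responder are the component file name "800000cb.@" and the fact that the component ends up loaded inside svchost.exe. The following script is an added example, not code from the original entry or from Microsoft: it runs a simple triage check over a list of (pid, process, module path) records such as a process-module enumeration produces, reporting any module whose name follows the Sirefef naming scheme and any svchost.exe instance that has loaded a module from outside the Windows directories. The sample records, the trusted-directory list and the assumption that sibling Sirefef components use the same eight-hex-digit ".@" naming as the file on this page are all assumptions made for the example.

```python
"""Triage check for Sirefef-style components loaded into svchost.exe.

Added example: input is a list of loaded-module records (pid, process name,
module path) as a process-module enumeration would produce; the sample
records at the bottom are constructed, not taken from a real system.
"""
import re
from typing import List, NamedTuple, Tuple

# The file name this entry gives for Trojan:Win32/Sirefef.AL is "800000cb.@".
# Assumption: sibling Win32/Sirefef components follow the same scheme (eight
# hexadecimal digits followed by ".@"), so the pattern covers the family.
SIREFEF_NAME_RE = re.compile(r"^[0-9a-f]{8}\.@$", re.IGNORECASE)

# Assumption: directories a legitimate svchost.exe loads its modules from on
# a default Windows install (compared case-insensitively).
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)


class LoadedModule(NamedTuple):
    pid: int
    process: str
    path: str


def basename(path: str) -> str:
    """Return the file name portion of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def is_sirefef_name(path: str) -> bool:
    """True if the file name matches the Sirefef component naming scheme."""
    return SIREFEF_NAME_RE.match(basename(path)) is not None


def is_trusted_location(path: str) -> bool:
    """True if the module lives under one of the trusted Windows directories."""
    normalized = path.replace("/", "\\").lower()
    return any(normalized.startswith(d) for d in TRUSTED_DIRS)


def find_sirefef_indicators(modules: List[LoadedModule]) -> List[Tuple[LoadedModule, str]]:
    """Return (record, reason) pairs for every suspicious loaded module.

    A Sirefef-style file name is reported whatever process loaded it, since
    the component is injected by other family members too; a module loaded
    from an untrusted directory is reported only for svchost.exe, the process
    this entry names as the injection target.
    """
    hits: List[Tuple[LoadedModule, str]] = []
    for record in modules:
        if is_sirefef_name(record.path):
            hits.append((record, "Sirefef-style component name"))
        elif record.process.lower() == "svchost.exe" and not is_trusted_location(record.path):
            hits.append((record, "svchost.exe loaded a module from outside the Windows directories"))
    return hits


# Constructed sample enumeration; the directory holding 800000cb.@ is made up
# for the example and is not a path the entry gives.
SAMPLE_MODULES = [
    LoadedModule(804, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    LoadedModule(804, "svchost.exe", r"C:\Windows\System32\ntdll.dll"),
    LoadedModule(804, "svchost.exe", r"C:\ProgramData\Sample\800000cb.@"),
    LoadedModule(1320, "svchost.exe", r"C:\Windows\SysWOW64\rpcss.dll"),
    LoadedModule(1320, "svchost.exe", r"C:\Users\Public\helper.dll"),
    LoadedModule(2200, "explorer.exe", r"C:\Temp\800000cb.@"),
]

if __name__ == "__main__":
    for record, reason in find_sirefef_indicators(SAMPLE_MODULES):
        print(f"pid {record.pid} {record.process}: {record.path} ({reason})")
```

On a live host the records would come from a module listing (for example the output of a process-enumeration tool) rather than the constructed list; the name check is the high-confidence signal, while the untrusted-directory check is a broader heuristic that also catches other DLLs planted in svchost.exe and will need tuning for non-default installations.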

For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.



Analysis by Shali Hsieh

Last update 23 June 2012
