
Trojan:Win32/Sirefef.AK


First posted on 23 June 2012.
Source: Microsoft

Aliases:

Trojan:Win32/Sirefef.AK is also known as Win32/Sirefef.EU trojan (ESET), Trojan.Win32.Alureon (Ikarus), ZeroAccess.ep (McAfee), Mal/ZAccess-CA (Sophos), TROJ_ALUREON.CYZ (Trend Micro).

Explanation:



Trojan:Win32/Sirefef.AK is a component of Win32/Sirefef, a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.



Installation

Trojan:Win32/Sirefef.AK is installed and run by other variants of Win32/Sirefef and may have the file name "80000032.@".



Payload

Trojan:Win32/Sirefef.AK provides two function calls for Win32/Sirefef:

  • 80000032_1
  • 80000032_2


These two functions are used to drop additional components onto the infected system and to generate clicks for selected websites:

  • 37millionminutes.com
  • dailymotion.com
  • egotv.com
  • eyehandy.com
  • gourmandia.com
  • Gourmandia_com
  • mevio.com
  • videobash.com


For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.



Analysis by Shali Hsieh

Last update 23 June 2012

 
