Researchers Find Weakness in ZeroAccess Rootkit

Friday, November 19, 2010

Headlines

69dafe8b58066478aea48f3d0f384820

InfoSec Institute staff have uncovered a vulnerability in the  ZeroAccess Rootkit, a powerful malware tool that allows hackers to carry out targeted attacks and steal a wide array of data.

ZeroAccess has been spreading through bogus scareware tactics that use pop-up alerts to coax unwitting internet users to download the malicious code by offering to conduct a free security scan of the victim's computer.

Though the maleware is not as prevalent as other threats, it has caught the attention of security pros because it is quite sophisticated, very difficult to detect, and nearly impossible to remove without damaging the infected operating system.

ZeroAccess acts as a conduit to download and execute other malware designed to accomplish specific tasks, acting as a gateway mechanism for the rapid distribution of other exploits, explains the Infosec Institute's Jack Koziol:

ZeroAccess by itself doesn’t do any data collection or active damage to the host. It is a platform that cyber-criminals can use to install whatever crimeware they are pushing that day, said Koziol. If the "flavor of the month" is to steal financial data, the criminals can start distributing the Zeus Trojan to compromised boxes.

The malware has been traced to sites controlled by the infamous Russian Business Network, a wildly successful cyber criminal organization.

The weaknesses identified would disable ZeroAccess's ability to run undetected.

Source:  http://www.eweek.com/c/a/Security/InfoSec-Cracks-Open-ZeroAccess-Rootkit-to-Find-Unique-Features-462289/

Possibly Related Articles:
4289
Viruses & Malware
malware Exploits Headlines Russian Business Network ZeroAccess
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.