” is a family of rootkits capable of infecting the Windows operating system. There has been a major shift over the last few months in the way it infects the machine. Previously, ZeroAccess infected the kernel by rewriting system files with its kernel-mode component in order to run at elevated privilege when the system boots, but this version has no kernel-mode component and operates entirely in user space.
- Kaspersky - Backdoor.Win32.ZAccess.csvq
- Microsoft - TrojanDropper:Win32/Sirefef.gen!D
- Nod32 - Win32/Kryptik.BHHX
- Norman - winpe/Kryptik.CCEI
Indication of Infection
Presence of the above-mentioned activities.
Methods of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.