Trojan:Win32/Sirefef.AK
First posted on 23 June 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Sirefef.AK is also known as Win32/Sirefef.EU trojan (ESET), Trojan.Win32.Alureon (Ikarus), ZeroAccess.ep (McAfee), Mal/ZAccess-CA (Sophos), TROJ_ALUREON.CYZ (Trend Micro).
Explanation :
Trojan:Win32/Sirefef.AK is a component of Win32/Sirefef, a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or delivering a payload.
Installation
Trojan:Win32/Sirefef.AK is installed and run by other variants of Win32/Sirefef and may have the file name "80000032.@".
Payload
Trojan:Win32/Sirefef.AK provides two function calls for Win32/Sirefef:
- 80000032_1
- 80000032_2
These two functions are used to drop additional components onto the infected system, and to generate clicks for selected websites:
- 37millionminutes.com
- dailymotion.com
- egotv.com
- eyehandy.com
- gourmandia.com
- Gourmandia_com
- mevio.com
- videobash.com
For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.
Analysis by Shali Hsieh
Last update 23 June 2012