evilMule in kernel mode – an analysis of the network functionality of Sirefef

2012-05-03

Chun Feng

Microsoft, Australia

Editor: Helen Martin

Abstract

Win32/Sirefef (a.k.a. ZeroAccess) is one of the most prevalent threats in the wild today. Its main component is a kernel-mode driver, which implements a kernel-mode P2P file distribution system to deploy new malware components and upgrade existing ones. Chun Feng describes the design and implementation of this P2P file distribution system.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	May 2012 PDF Please register to download the PDF Kindle Please register to download the Kindle PRC Comment AV: Mind the gap News Flashback cash Religion riskier than pornography Malware prevalence report March 2012 Malware analyses evilMule in kernel mode – an analysis of the network functionality of Sirefef Like a bat out of hell Technical features Malware design strategies for circumventing detection and prevention controls – part one Mobile banking vulnerability: Android repackaging threat Comparative review VBSpam comparative review March 2012 Calendar Anti-malware industry events See also Virus Bulletin archives How to become a subscriber Reprints