Tuesday, November 12, 2013

ZeroAccess

This one is dedicated to one of my peers, who recently left the Higher Ed Infosec world for the private sector.  Keep on fighting the good fight, Gabe.

Meanwhile, along with Cryptolocker, we've been seeing lots of ZeroAccess infections.  ZeroAccess is a downloader itself, but it can bring down all sorts of nastiness, from Zeus to Bitcoin miners to clickfraud runners.  It even does fun filesystem tricks to hide itself from antivirus software.  It's a one-stop-shop for badness.

And in the spirit of my Cryptolocker Rap, here's a rap featuring ZeroAccess.



ZeroAccess


ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

Through the I-net,
It's a safe bet,
Through a website when Java abets,
Like a program suid set,
It will take all the things it can get.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

Once it installs,
It has a ball.
Slips by AV and your firewall.
It then makes a little phone call
And downloads friends; makes your jaw fall.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.

It does Bitcoin!
IRC joins!
It does click fraud, tries to purloin.
"All your data, it's now all moin!"
Says the malware. It kicks your groin.

ZeroAccess:
Worse than taxes!
It's a danger! Don't relaxes.
It's a trojan that harasses.
It infectses all the masses.