Malicious Ads on Bing Lead to ZeroAccess Trojan

[Peaches]

Friday, October 14, 2011

Malicious Ads on Bing Lead to ZeroAccess Trojan

Search-engine poisoning has been the bane of many Internet users' existence for a long time, and it's one of many security problems that seems to not be getting any better. In some ways, it may be getting worse, actually. One of the main problems these days is the use of legitimate-looking ads that direct users to malicious sites rather than sites to download applications such as Flash or Firefox.

Researchers have been tracking various SEO-poisoning campaigns for some time now, and the attackers often will pin their campaigns to recent news events and popular search terms. In other cases, they simply go after popular downloads, and that's what's happening in a recent case that researchers at GFI Software discovered this week. In this case, a search on Bing for Adobe Flash turned up an ad pointing users to a site where they can supposedly download Flash 10.

Of course, what those users get isn't Flash, but a kick in the digital teeth in the form of the ZeroAccess Trojan. This piece of malware, also known as Max++ and Sirefef, is a particularly ugly pest and includes some rootkit functionality that gives it the ability to stay resident on an infected machine even after cleanup attempts and reboots. ZeroAccess also is being used in an ongoing attack discovered last week by researchers at Dell SecureWorks in which users are redirected from compromised sites to an attack site that installs the Trojan.

Story - https://threatpost.com/en_us/blogs/malicious-ads-bing-lead-zeroaccess-trojan-101411