BKDR_ZACCESS.SMQQ
BKDR_ZACCESS.SMQQ Description
BKDR_ZACCESS.SMQQ is a ZeroAccess-based Trojan that displays a fake Adobe software pop-up as part of the installation process for other ZeroAccess-related PC threats. BKDR_ZACCESS.SMQQ’s attack only appears for non-administrator Windows accounts that require privilege elevation before the rest of the malware can be installed. Because BKDR_ZACCESS.SMQQ is always part of a multi-component attack that involves several types of ZeroAccess Trojans or rootkits, SpywareRemove.com malware experts recommend that you scan your PC thoroughly with anti-malware software after any signs of BKDR_ZACCESS.SMQQ-related attacks (such as its characteristic installer pop-up). PC threats from BKDR_ZACCESS.SMQQ’s family should always be considered high-level security risks due to their penchant for stealing bank account information, installing additional malware and blocking security programs.
How BKDR_ZACCESS.SMQQ Attacks Your PC with Your Permission
BKDR_ZACCESS.SMQQ is dropped on your PC by another ZeroAccess Trojan, BKDR_ZACCESS.KP, in instances where limited admin privileges prevent BKDR_ZACCESS.KP from installing its payload. Although BKDR_ZACCESS.SMQQ is dropped as a malicious DLL, a binary planting exploit allows BKDR_ZACCESS.SMQQ to be launched via a fake InstallFlasherPlayer.exe file. BKDR_ZACCESS.SMQQ then displays a standard UAC (User Account Control) pop-up that purports to install Adobe Flash Player. This pop-up even includes the same publisher verification field as the real thing.
Because this pop-up looks identical to one that displays when you’re trying to install the real Adobe Flash Player on a Windows account, many victims may install the full ZeroAccess Trojan without realizing what they’ve done. BKDR_ZACCESS.SMQQ’s method of installation appears to be working out for ZeroAccess malware, given that SpywareRemove.com malware analysts have noted a rise in ZeroAccess infections as of July 2012.
However, Windows users with full administrator privileges will never see BKDR_ZACCESS.SMQQ – BKDR_ZACCESS.KP will install the rest of its malicious software without ever dropping BKDR_ZACCESS.SMQQ or causing its pop-up to appear.
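A defender-side check for the binary planting described above, as an added example that is not from the original article: it walks a directory tree and flags any DLL whose name matches a Windows system library (such as msimg32.dll from this page's file list) sitting beside an executable outside the system directory. The short name list, the function names and the sample directory layout are assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path

# Libraries that normally live in the Windows system directory; a same-named
# copy beside an executable elsewhere can be loaded in its place.
# Constructed short list; msimg32.dll comes from this page's file list.
SYSTEM_DLL_NAMES = {"msimg32.dll", "version.dll", "dwmapi.dll", "uxtheme.dll"}

def find_planted_dlls(root, system_dirs=()):
    """Return sorted (dll_path, exe_names) for system-named DLLs found beside an .exe."""
    trusted = [Path(d).resolve() for d in system_dirs]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath).resolve()
        if any(here == t or t in here.parents for t in trusted):
            continue  # the genuine copies live here
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        for f in files:
            if f.lower() in SYSTEM_DLL_NAMES and exes:
                hits.append((str(here / f), exes))
    return sorted(hits)

def build_sample_tree(base):
    """Create a constructed sample layout made of empty placeholder files."""
    layout = {
        "Temp/update": ["InstallFlasherPlayer.exe", "msimg32.dll"],
        "Downloads": ["K-Lite Codec Pack.exe", "readme.txt"],
        "System32": ["msimg32.dll", "notepad.exe"],  # stands in for the real system dir
        "Docs": ["msimg32.dll"],  # no executable beside it, so not reported
    }
    for rel, names in layout.items():
        d = Path(base) / rel
        d.mkdir(parents=True)
        for n in names:
            (d / n).touch()

def demo():
    """Scan the constructed tree and return hits as paths relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        root = Path(tmp).resolve()
        hits = find_planted_dlls(root, system_dirs=[root / "System32"])
        return [(Path(p).relative_to(root).as_posix(), exes) for p, exes in hits]

if __name__ == "__main__":
    for dll, exes in demo():
        print(f"suspicious: {dll} beside {exes}")
```

On a real system, point `root` at user-writable locations such as the Downloads and Temp folders and pass the actual Windows system directories as `system_dirs`.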
The Aftereffects of Trusting BKDR_ZACCESS.SMQQ’s ‘Adobe’ Installer
The ultimate consequence of a BKDR_ZACCESS.SMQQ attack is a full-blown ZeroAccess infection that can be used for a range of broadly applicable attacks against your computer. SpywareRemove.com malware experts have taken note of the following functions in particular:
- Opening a firewall-bypassing backdoor to download malicious files or transfer personal information.
- Theft of information related to bank accounts by monitoring website interaction (form submissions and URLs visited) and, potentially, modifying web content to steal additional information.
- Blocking security programs, especially programs that are included by default with Windows (the Windows Firewall, Windows Defender, Windows Security Center, et cetera).
Trojan droppers that install BKDR_ZACCESS.SMQQ Trojans are often distributed as fake cracks or key generators for popular games, particularly through torrenting services. To delete droppers like BKDR_ZACCESS.SMQQ, you should always use anti-malware software as required, since Trojans associated with BKDR_ZACCESS.SMQQ will use misleading file names and file locations to make themselves appear as part of your operating system.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:

| # | File Name |
|---|-----------|
| 1 | Youtube_Grabber_Keygen.exe |
| 2 | Diablo_III_crack.exe |
| 3 | Microsoft_Office_Professional.crack.exe |
| 4 | K-Lite Codec Pack.exe |
| 5 | msimg32.dll |

Posted: August 16, 2012 | By SpywareRemove
Threat Level: 6/10
Detection Count: 53


