
BKDR_ZACCESS.KP

Posted: August 16, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 18
First Seen: August 16, 2012
OS(es) Affected: Windows

BKDR_ZACCESS.KP is a Trojan dropper that's used to install other components of a ZeroAccess infection. Whether BKDR_ZACCESS.KP's installation routine displays symptoms depends on the privilege level of the active Windows account, and a symptomless install is far from rare. Because BKDR_ZACCESS.KP is most often distributed on P2P networks as fake game cracks and other pirated software, SpywareRemove.com malware experts recommend that you scan suspicious programs before installing anything that you've downloaded from an insecure source. BKDR_ZACCESS.KP's installation of the rest of a ZeroAccess infection only shows symptoms in certain circumstances, such as a fake pop-up for an Adobe Flash installer, and isn't guaranteed to display any symptoms afterward. Given that BKDR_ZACCESS.KP's ultimate payload is a high-level PC threat that's capable of stealing such confidential information as bank credentials, any potential BKDR_ZACCESS.KP attack should be treated with the utmost caution until your PC has been disinfected by anti-malware software.

Why Piracy Doesn't Pay: an Unintentional Lesson from BKDR_ZACCESS.KP

BKDR_ZACCESS.KP's main propagation strategy uses mislabeled EXE files downloaded from peer-to-peer networks, with BKDR_ZACCESS.KP's disguises including license key generators, game cracks, pre-cracked versions of popular programs and popular movies. After its launch, BKDR_ZACCESS.KP checks the privilege level of the active Windows account. If that account has administrator privileges, BKDR_ZACCESS.KP will install the rest of its payload (which is fixed as a ZeroAccess Trojan, due to BKDR_ZACCESS.KP's nature as a Trojan dropper) without any symptoms of this attack. Correspondingly, SpywareRemove.com malware analysts note that it may be wise to scan your PC with anti-malware products if you open a suspicious file that appears to do nothing or displays an error message in the program that's meant to open it.

However, what makes BKDR_ZACCESS.KP interesting is what it does in cases where account restrictions prevent it from installing its payload without your consent. In such scenarios, BKDR_ZACCESS.KP drops two temporary files, the .DLL Trojan detected as BKDR_ZACCESS.SMQQ and a fake InstallFlashPlayer.exe file, with the former loaded and run inside the latter. BKDR_ZACCESS.SMQQ also will display a UAC pop-up indicating that Adobe's Flash Player is trying to install. SpywareRemove.com malware researchers note that this pop-up is identical to a normal UAC installation prompt in all respects, and can trick victims into granting permission to a ZeroAccess installer without realizing what actually happened.

Why You Don't Want the Kind of Access That BKDR_ZACCESS.KP Offers

Although BKDR_ZACCESS.KP's own attacks are limited to gathering basic information about your PC in order to install other PC threats, the full payload of a successful BKDR_ZACCESS.KP attack can include a range of functions. Some corresponding attacks that the SpywareRemove.com malware research team considers especially dangerous include likely theft of financial information, browser hijacks that insert phishing content into unrelated web pages, compromised account passwords/logins and disabled security-related programs.

Since BKDR_ZACCESS.KP and related ZeroAccess-based Trojans conceal their components with inaccurate file names, obscure locations and, in some cases, even code injection into unrelated files, SpywareRemove.com malware researchers discourage trying to find and delete BKDR_ZACCESS.KP manually; reputable anti-malware software should be able to remove it without much trouble.

Technical Details

File System Modifications


The following files were created in the system:

msimg32.dll
File name: msimg32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
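A hunt script for the dropped files described above, added here as an example and not part of the SpywareRemove.com write-up: it looks for copies of msimg32.dll (the DLL listed under File System Modifications) outside the Windows system directories, where the legitimate, Microsoft-signed copy lives, and flags any that sit beside an InstallFlashPlayer.exe. The assumption that the DLL and the fake installer share a directory, and the set of folders scanned, are the author's, not the page's.

```powershell
# Added example: hunt for a non-system msimg32.dll dropped beside a fake Flash installer.
# Assumptions (not stated on the page): the DLL and InstallFlashPlayer.exe share a folder,
# and user-writable locations (temp, profile, ProgramData) are the places worth scanning.

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Constructed list of scan roots; adjust for the host being examined.
$searchRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData, $env:USERPROFILE) |
    Where-Object { $_ -and (Test-Path $_) } |
    Select-Object -Unique

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter 'msimg32.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $systemDirs -notcontains $_.DirectoryName } |
        ForEach-Object {
            $dll       = $_
            $installer = Join-Path $dll.DirectoryName 'InstallFlashPlayer.exe'
            $sig       = Get-AuthenticodeSignature -FilePath $dll.FullName
            [pscustomobject]@{
                Path            = $dll.FullName
                SHA256          = (Get-FileHash -Path $dll.FullName -Algorithm SHA256).Hash
                Signature       = $sig.Status        # the real msimg32.dll carries a valid Microsoft signature
                InstallerBeside = Test-Path $installer  # the fake Flash installer lure from the page
                LastWrite       = $dll.LastWriteTime
            }
        }
}

if ($findings) {
    # Entries with InstallerBeside = True and an invalid/missing signature go to the top.
    $findings | Sort-Object InstallerBeside, Signature -Descending | Format-Table -AutoSize
} else {
    'No msimg32.dll found outside the Windows system directories.'
}
```

Run it in an elevated PowerShell session so that every user profile and the per-user temp folders are readable; submit any flagged DLL's hash to your anti-malware vendor rather than deleting it by hand, in line with the removal advice above.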