
BKDR_ZACCESS.SMQQ

Posted: August 16, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 17
First Seen: August 16, 2012
OS(es) Affected: Windows

BKDR_ZACCESS.SMQQ is a ZeroAccess-based Trojan that displays a fake Adobe software pop-up as part of the installation process for other ZeroAccess-related PC threats. Its pop-up appears only on non-administrator Windows accounts, where privilege elevation is required before the rest of the malware can be installed. Because BKDR_ZACCESS.SMQQ is always part of a multi-component attack involving several ZeroAccess Trojans or rootkits, SpywareRemove.com malware experts recommend that you scan your PC thoroughly with anti-malware software after any sign of a BKDR_ZACCESS.SMQQ-related attack (such as its characteristic installer pop-up). PC threats from BKDR_ZACCESS.SMQQ's family should always be considered high-level security risks because of their penchant for stealing bank account information, installing additional malware and blocking security programs.

How BKDR_ZACCESS.SMQQ Attacks Your PC with Your Permission

BKDR_ZACCESS.SMQQ is dropped on your PC by another ZeroAccess Trojan, BKDR_ZACCESS.KP, in cases where limited account privileges prevent BKDR_ZACCESS.KP from installing its payload. BKDR_ZACCESS.SMQQ itself is a malicious DLL (the msimg32.dll listed under Technical Details) and is launched through binary planting, also known as DLL search-order hijacking: the DLL is placed in the same directory as a file named InstallFlasherPlayer.exe that poses as the Flash Player installer, and because Windows searches an application's own directory before the system directory for any DLL that is not on the KnownDLLs list, the planted copy is loaded in place of the genuine msimg32.dll. When that executable is run, a standard UAC (User Account Control) pop-up appears, asking permission to install Adobe Flash Player. This pop-up even includes the same publisher verification field as the real thing; note that a UAC prompt vouches only for the digital signature of the executable it names, never for the DLLs that executable goes on to load.

Because this pop-up looks identical to the one that appears when you install the real Adobe Flash Player, many victims may approve it and install the full ZeroAccess Trojan without realizing what they have done. The method appears to be paying off for ZeroAccess, as SpywareRemove.com malware analysts have noted a rise in ZeroAccess infections as of July 2012.

Windows users with full administrator privileges, however, will never see BKDR_ZACCESS.SMQQ: BKDR_ZACCESS.KP installs the rest of its malicious software without dropping BKDR_ZACCESS.SMQQ or causing its pop-up to appear.
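The staging layout described above (a system DLL name dropped next to an installer in a user-writable folder) is something a defender can hunt for. The script below is an added example, not code from the original page, from SpywareRemove.com or from the malware's authors: it walks a directory tree and flags any msimg32.dll (the DLL name from the file list on this page) that sits outside the system directories beside an .exe, which is exactly the arrangement a search-order hijack needs. The directory layout, the hash bookkeeping and the constructed sample tree (which borrows the page's InstallFlasherPlayer.exe file name) are assumptions for illustration; on a live system you would point it at user-writable locations such as %TEMP% or C:\Users and pass the real System32 and SysWOW64 paths.

```python
"""Hunt for DLL search-order hijack ("binary planting") staging.

Flags a copy of a system DLL name (msimg32.dll by default) that sits in a
non-system directory next to an .exe. That is the layout a planted DLL
needs: Windows searches the application's own directory before
%SystemRoot%\\System32 for any DLL not on the KnownDLLs list.

Added example; the names below are assumptions, not the page's own code.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# msimg32.dll is the name the page lists; callers may pass more names.
DEFAULT_DLL_NAMES = frozenset({"msimg32.dll"})


@dataclass
class Finding:
    dll_path: Path
    sibling_exes: list = field(default_factory=list)  # candidate host programs
    sha256: str = ""


def _is_under(path: Path, roots) -> bool:
    """True if `path` is inside (or equal to) any directory in `roots`."""
    p = path.resolve()
    for r in roots:
        r = Path(r).resolve()
        if p == r or r in p.parents:
            return True
    return False


def sha256_of(path: Path) -> str:
    """Hash the file so the finding can be matched against a known-good copy."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_planted_dlls(scan_root, system_dirs, dll_names=DEFAULT_DLL_NAMES):
    """Walk `scan_root` and report DLLs named in `dll_names` that live
    outside `system_dirs`. Each finding lists the .exe files in the same
    directory: those are the programs that would load the planted copy."""
    wanted = {n.lower() for n in dll_names}
    findings = []
    for dirpath, _dirnames, filenames in os.walk(scan_root):
        d = Path(dirpath)
        if _is_under(d, system_dirs):
            continue  # the legitimate copy lives here; not a finding
        exes = sorted(f for f in filenames if f.lower().endswith(".exe"))
        for f in filenames:
            if f.lower() in wanted:
                dll = d / f
                findings.append(Finding(dll, exes, sha256_of(dll)))
    return findings


def demo_layout(base):
    """Constructed sample tree (not real malware): a fake Flash installer
    with msimg32.dll beside it, plus a copy inside a mock System32 that
    must NOT be flagged. Returns (scan root, list of system dirs)."""
    base = Path(base)
    staging = base / "Temp" / "flash"
    staging.mkdir(parents=True)
    (staging / "InstallFlasherPlayer.exe").write_bytes(b"MZ fake installer")
    (staging / "msimg32.dll").write_bytes(b"MZ planted dll")
    sys32 = base / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "msimg32.dll").write_bytes(b"MZ real dll")
    return base, [sys32]


def run_demo():
    """Build the constructed tree in a temp dir, scan it, return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root, sysdirs = demo_layout(tmp)
        return find_planted_dlls(root, sysdirs)


if __name__ == "__main__":
    for hit in run_demo():
        print(f"{hit.dll_path}  sha256={hit.sha256[:16]}...  "
              f"next to {hit.sibling_exes}")
```

On a real host the call would look like `find_planted_dlls(r"C:\Users", [r"C:\Windows\System32", r"C:\Windows\SysWOW64"])`; the hash in each finding lets you confirm that the flagged file is not simply a stray copy of the genuine DLL, and the sibling executable is the one whose UAC prompt would have looked legitimate.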

The Aftereffects of Trusting BKDR_ZACCESS.SMQQ's 'Adobe' Installer

The ultimate consequence of a BKDR_ZACCESS.SMQQ attack is a full-blown ZeroAccess infection that can be used for a range of broadly applicable attacks against your computer. SpywareRemove.com malware experts have taken note of the following functions in particular:

  • Opening a firewall-bypassing backdoor to download malicious files or transfer personal information.
  • Theft of information related to bank accounts by monitoring website interaction (form submissions and URLs visited) and, potentially, modifying web content to steal additional information.
  • Blocking security programs, especially programs that are included by default with Windows (the Windows Firewall, Windows Defender, Windows Security Center, et cetera).

Trojan droppers that install BKDR_ZACCESS.SMQQ are often distributed as fake cracks or key generators for popular games, particularly through torrenting services. To delete BKDR_ZACCESS.SMQQ and the droppers that install it, you should always use anti-malware software, since Trojans associated with BKDR_ZACCESS.SMQQ use misleading file names and file locations to make themselves appear to be part of your operating system.

Technical Details

File System Modifications


The following files were created in the system:

File name                                  File type              MIME type     Group
Youtube_Grabber_Keygen.exe                 Executable file        unknown/exe   Malware file
Diablo_III_crack.exe                       Executable file        unknown/exe   Malware file
Microsoft_Office_Professional.crack.exe    Executable file        unknown/exe   Malware file
K-Lite Codec Pack.exe                      Executable file        unknown/exe   Malware file
msimg32.dll                                Dynamic link library   unknown/dll   Malware file