BKDR_ZACCESS.SMQQ
Posted: August 16, 2012
Threat Metric
The following fields on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 17 |
| First Seen: | August 16, 2012 |
| OS(es) Affected: | Windows |
BKDR_ZACCESS.SMQQ is a ZeroAccess-based Trojan that displays a fake Adobe software pop-up as part of the installation process for other ZeroAccess-related PC threats. BKDR_ZACCESS.SMQQ's attack only appears for non-administrator Windows accounts that require privilege elevation before the rest of the malware can be installed. Because BKDR_ZACCESS.SMQQ is always part of a multi-component attack that involves several types of ZeroAccess Trojans or rootkits, SpywareRemove.com malware experts recommend that you scan your PC thoroughly with anti-malware software after any signs of BKDR_ZACCESS.SMQQ-related attacks (such as its characteristic installer pop-up). PC threats from BKDR_ZACCESS.SMQQ's family should always be considered high-level security risks due to their penchant for stealing bank account information, installing additional malware and blocking security programs.
How BKDR_ZACCESS.SMQQ Attacks Your PC with Your Permission
BKDR_ZACCESS.SMQQ is dropped on your PC by another ZeroAccess Trojan, BKDR_ZACCESS.KP, in instances where limited admin privileges prevent BKDR_ZACCESS.KP from installing its payload. Although BKDR_ZACCESS.SMQQ is dropped as a malicious DLL, a binary planting exploit allows BKDR_ZACCESS.SMQQ to be launched via a fake InstallFlasherPlayer.exe file. BKDR_ZACCESS.SMQQ then proceeds to display a standard UAC (User Account Control) pop-up to install Adobe Flash Player. This pop-up even includes the same publisher verification field as the real thing.
Because this pop-up looks identical to one that displays when you're trying to install the real Adobe Flash Player on a Windows account, many victims may install the full ZeroAccess Trojan without realizing what they've done. BKDR_ZACCESS.SMQQ's method of installation appears to be working out for ZeroAccess malware, given that SpywareRemove.com malware analysts have noted a rise in ZeroAccess infections as of July 2012.
However, Windows users with full administrator privileges will never see BKDR_ZACCESS.SMQQ – BKDR_ZACCESS.KP will install the rest of its malicious software without ever dropping BKDR_ZACCESS.SMQQ or causing its pop-up to appear.
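The binary planting described above works because a DLL named like a Windows system library (the page lists msimg32.dll among the dropped files) placed next to an executable in a user-writable folder is found before the genuine copy in System32. The following defender-side check is an added example, not code from the original page or from SpywareRemove.com: it flags copies of well-known system DLL names found outside the Windows system directories and lists the executables in the same folder that would load them. Everything except msimg32.dll in the DLL list, the system-directory list and the sample file layout are assumptions constructed for illustration; the file names in the sample are taken from the page's file list, but their placement is invented.

```python
"""
Detect DLL search-order hijacking ("binary planting") candidates:
a system DLL name (e.g. msimg32.dll) living outside the Windows system
directories, alongside an executable that would load it first.

Added example; not the page's own code. Lists and sample paths are
constructed assumptions, apart from msimg32.dll which the page names.
"""
import ntpath
import os
from collections import defaultdict

# msimg32.dll is named on the page; the remaining names are assumptions
# (common system DLLs that belong only in the Windows system directories).
SYSTEM_DLL_NAMES = {"msimg32.dll", "version.dll", "dwmapi.dll", "cryptbase.dll"}

# Where these DLLs legitimately live on a default Windows install (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\winsxs")


def _norm(path):
    """Normalise to lower-case, backslash-separated form for comparison."""
    return path.replace("/", "\\").lower()


def _is_under_system_dir(norm_path):
    return any(norm_path.startswith(d + "\\") for d in SYSTEM_DIRS)


def find_planted_dlls(paths, system_dll_names=SYSTEM_DLL_NAMES):
    """Return findings for suspicious DLL placements among `paths`.

    Each finding is {"dll": <original path>, "loaders": [<exe paths in same
    directory>]}. A DLL is reported when its name matches a known system DLL
    and it sits outside the system directories; executables in the same
    directory are listed as the likely loaders that would pick it up first.
    """
    by_dir = defaultdict(lambda: {"dlls": [], "exes": []})
    for path in paths:
        n = _norm(path)
        directory, name = ntpath.split(n)  # ntpath handles Windows paths on any OS
        if name in system_dll_names and not _is_under_system_dir(n):
            by_dir[directory]["dlls"].append(path)
        elif name.endswith(".exe"):
            by_dir[directory]["exes"].append(path)

    findings = []
    for entry in by_dir.values():
        for dll in entry["dlls"]:
            findings.append({"dll": dll, "loaders": sorted(entry["exes"])})
    return findings


def scan_tree(root):
    """Walk a real directory tree (e.g. a user's Downloads folder) and check it."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            paths.append(os.path.join(dirpath, f))
    return find_planted_dlls(paths)


# Constructed sample layout: file names from the page's file list, but the
# directories they are placed in are invented for this example.
SAMPLE_PATHS = [
    "C:\\Windows\\System32\\msimg32.dll",                 # genuine copy: not reported
    "C:\\Windows\\SysWOW64\\msimg32.dll",                 # genuine 32-bit copy: not reported
    "C:\\Users\\alice\\Downloads\\K-Lite Codec Pack.exe",  # lure executable (name from page)
    "C:\\Users\\alice\\Downloads\\msimg32.dll",           # planted DLL next to it: reported
    "C:\\Users\\alice\\AppData\\Local\\Temp\\Diablo_III_crack.exe",  # lure, no DLL beside it
    "C:\\Program Files\\Vendor\\app.exe",
]

if __name__ == "__main__":
    for finding in find_planted_dlls(SAMPLE_PATHS):
        print("suspicious DLL:", finding["dll"])
        for exe in finding["loaders"]:
            print("  would be loaded by:", exe)
```

Run against a real machine with `scan_tree(r"C:\Users\<name>\Downloads")` or the Temp folder; a hit on msimg32.dll outside System32 next to a freshly downloaded "installer" or "crack" is exactly the layout the dropper described above relies on, and the file should be quarantined and the whole system scanned rather than just deleted.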
The Aftereffects of Trusting BKDR_ZACCESS.SMQQ's 'Adobe' Installer
The ultimate consequence of a BKDR_ZACCESS.SMQQ attack is a full-blown ZeroAccess infection that can be used for a range of broadly applicable attacks against your computer. SpywareRemove.com malware experts have taken note of the following functions in particular:
- Opening a firewall-bypassing backdoor to download malicious files or transfer personal information.
- Theft of information related to bank accounts by monitoring website interaction (form submissions and URLs visited) and, potentially, modifying web content to steal additional information.
- Blocking security programs, especially programs that are included by default with Windows (the Windows Firewall, Windows Defender, Windows Security Center, et cetera).
Trojan droppers that install BKDR_ZACCESS.SMQQ Trojans are often distributed as fake cracks or key generators for popular games, particularly through torrenting services. To delete droppers like BKDR_ZACCESS.SMQQ you should always use anti-malware software as required, since Trojans associated with BKDR_ZACCESS.SMQQ will use misleading file names and file locations to make themselves appear as part of your operating system.
Technical Details
File System Modifications
The following files were created in the system:

| File name | File type | Mime Type | Group |
|---|---|---|---|
| Youtube_Grabber_Keygen.exe | Executable File | unknown/exe | Malware file |
| Diablo_III_crack.exe | Executable File | unknown/exe | Malware file |
| Microsoft_Office_Professional.crack.exe | Executable File | unknown/exe | Malware file |
| K-Lite Codec Pack.exe | Executable File | unknown/exe | Malware file |
| msimg32.dll | Dynamic link library | unknown/dll | Malware file |