ZeroAccess – the movie

Back in October we blogged about the recently uncovered (at the time) ZeroAccess kernel-mode rootkit and published some screenshots of how an infected machine looked when analysed by ECAT. We’ve gone back this time for another look at ZeroAccess and drilled down in more detail with this 4 minute video. We show step-by-step how the rootkit compromised the machine and how and why ECAT raised the suspect level on each compromised or injected component found.

 

We’ll be following up in future posts with more analyses using ECAT and posting videos on our Youtube channel that you can subscribe to here.

For a whitepaper on ECAT or to request more information, please click here

Finding an evil in a haystack...

• The Threats
• Our Approach
• Our Software

Latest Blog Posts

• 16.02Securabit ECAT Podcast Feb 22nd: Old wine in a new bottle
• 15.02ECAT now integrates Bit9's GSR
• 13.02Introduction to ECAT - Video
• 26.01RSA - your complementary expo pass
• 16.01When being #1 means a 42% failure rate
• 09.01ECAT at RSA Conference 2012 - Feb 27
• 01.01ZeroAccess - the movie
• 21.11Down and Dirty with Duqu - Analysis with ECAT
• 02.11Poison Ivy ("Nitro") and ECAT analysis
• 02.11Silicium and Opswat partner to integrate Metascan, ECAT

Follow us

Archives

• February 2012
• January 2012
• November 2011
• October 2011
• September 2011
• May 2011
• April 2011
• March 2011
• November 2010
• October 2010
• September 2010
• July 2010