In this frequently asked questions post, I will publish some of the questions people ask me, and then will post some answers from my expertise about Sirefef or ZeroAccess.
Q: How to protect from this atrocity?
Q: Are Sirefef and ZeroAccess the same thing?
A: YES! They are both the same, but names different by many antivirus companies. This is sometimes due to language translations and competitiveness.
Q: Can the ZeroAccess virus infect my flash drive?
A: I doubt that the virus could activate on the flash drive, unless you plugged it in while logged on to the infected Windows. If you’re worried about running something accidental on the flash drive, use USB Immunizer from BitDefender to disinfect it.
Q: Should my passwords be changed after the ZeroAccess infection? Is it only active ones to change?
All active passwords and even passive ones need to be changed. If you’re unsure about passive ones, then don’t set a new password based on old passwords. Go all fresh with new passwords. See more on passwords.
Q: What is Sirefef, how did it infect my computer, or when are new variants released?
Sirefef or ZeroAccess is a transitional rootkit, virus, and/or backdoor trojan. It is still being watched and studied constantly, having 2-3 new variants every two weeks. We stay abreast of all changes.
Q: How did Sirefef infect me?
Viruses or other malware get embedded in to webpages through iFrame exploits commonly, or through vulnerable plugin exploitation. For iFrame exploits, malware authors can create a small (1x1px) iFrame, which contains scripts necessary to run malware on a target machine by automatically downloading and installing malware. The vulnerable plugin problem happens when people fail to update Adobe Reader, Adobe Flash Player, Java Runtime Environment, Apple QuickTime, Mozilla Firefox, etc. Many times, malware authors use these vulnerable versions of the plugins to distribute an exploit, which can allow them to take control of a computer.
Other malware can be distributed by means of operating system and program bugs. Sometimes programs and very often, Windows, becomes vulnerable to attacks, because of certain bugs in the code.
Those whom do not have proper Internet security protection will fall victim to exploits.
Many people are being hit with Sirefef because of these exploits. I’d say 3/4 of people I’ve seen here on the forums have out-of-date plugins, inevitably leading to infection. Sirefef is one of the most prevalent and highly engaged malware coded problems in the past year.