Virus Watch|MAX++ sets its sights on x64 platforms

Vasily Berdnikov
Kaspersky Lab Expert
Posted May 24, 14:46  GMT
Tags: Rootkits

In the last few days experts at Kaspersky Lab have detected new samples of the malicious program MAX++ (aka ZeroAccess). This Trojan first achieved notoriety for using advanced rootkit technology to hide its presence in a system. Back then, MAX++ only worked on x86 platforms; now it is capable of functioning on x64 systems!

Computers are infected using a drive-by attack on a browser and its components via the Bleeding Life exploit kit. In particular, Acrobat Reader (CVE-2010-0188, CVE-2010-1297, CVE-2010-2884, CVE-2008-2992) and Java (CVE-2010-0842, CVE-2010-3552) modules are prone to attack.



Fragment of the exploit kit code responsible for attacking a specific version of Acrobat Reader