Win32/Sirefef.er

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 1
First Seen: March 21, 2012
Last Seen: October 3, 2021
OS(es) Affected: Windows

The Win32/Sirefef.er family of Trojans, known as Sirefef to PC security analysts, is an invasive malware infection that typically leads to the installation of fake security software (such as "Antivirus 2011" or "Antimalware 2011"). Win32/Sirefef.er Trojans tend to have a browser hijacker component, often hooking into processes associated with web browsers in order to spy on and direct online activity. Malware in the Win32/Sirefef.er family can also be used to force the infected computer system to execute malicious code, allowing criminals to install further malware on the compromised system. Since the first appearance of Win32/Sirefef.er in February of 2012, ESG security analysts have observed a marked growth in the number of reported Win32/Sirefef.er infections. Win32/Sirefef.er is a severe malware infection and, because of the level of access it grants hackers, has the potential to cause devastating damage to the infected computer system. Win32/Sirefef.er attacks tend to involve multiple components, usually including a rootkit component and a backdoor component.

The first attack on the victim's computer usually comes through social engineering, whether by malicious email, corrupted advertisements, or attack websites. Sirefef variants can also be detected as ZeroAccess; Win32/Sirefef.er is usually the name that Microsoft gives to these infectors. Since Win32/Sirefef.er is a relatively new family of Trojans, it is essential to make sure that your operating system and security software are updated to at least March of 2012 in order to stop Win32/Sirefef.er. This malware is designed to attack computer systems running the Windows operating system, in particular Windows 7, Vista and XP.

Understanding the Win32/Sirefef.er Scam

As mentioned above, the vast majority of the Win32/Sirefef.er infections that have been detected involve installing fake security software on the victim's computer. While Win32/Sirefef.er has the potential to infect the victim's computer with other malware, the nature of the infection indicates that criminals using Win32/Sirefef.er are attempting to profit from the sale of fake security software. Criminals use the Win32/Sirefef.er infection to install a Trojan carrying a rogue security program. Once the rogue security program is installed, it forces the victim's computer to display constant alarming security alerts and error messages, which do not go away until the victim agrees to purchase a bogus security application in order to "solve" these supposed threats on their computer system.

Registry Details

Win32/Sirefef.er may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89721a77-988b-43cb-81e4-89c101e44f15}\InprocServer32
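
A read-only triage check for the registry entry listed above, as an added PowerShell example that is not part of the original entry. The page lists only the HKEY_LOCAL_MACHINE path; the WOW6432Node and per-user `_Classes` locations are assumptions added here so that 32-bit and per-user COM registrations of the same CLSID are also reported.

```powershell
# Added example (not from the original entry): report where the CLSID from this
# page is registered and which DLL its InprocServer32 key points to.
$Clsid = '{89721a77-988b-43cb-81e4-89c101e44f15}'

# Path from the page, plus two assumed locations (32-bit view, per-user hives).
$Candidates = @(
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\$Clsid\InprocServer32"
)
$Candidates += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)\CLSID\$Clsid\InprocServer32" }

$Findings = foreach ($Path in $Candidates) {
    if (-not (Test-Path -LiteralPath $Path)) { continue }

    $Key = Get-Item -LiteralPath $Path
    # The (Default) value of InprocServer32 names the DLL loaded for this CLSID.
    $Dll = [Environment]::ExpandEnvironmentVariables([string]$Key.GetValue('')).Trim('"')
    # A bare file name (no directory) is resolved against the current directory
    # here, so ExistsOnDisk can be False for DLLs that live on the system path.
    $OnDisk = $Dll -and (Test-Path -LiteralPath $Dll -PathType Leaf)

    [pscustomobject]@{
        RegistryPath = $Key.Name
        Dll          = $Dll
        ExistsOnDisk = $OnDisk
        Signature    = if ($OnDisk) { (Get-AuthenticodeSignature -LiteralPath $Dll).Status } else { 'n/a' }
        Sha256       = if ($OnDisk) { (Get-FileHash -LiteralPath $Dll -Algorithm SHA256).Hash } else { 'n/a' }
    }
}

if ($Findings) {
    # A hit is a lead for review (DLL location, signature, hash), not a verdict.
    $Findings | Format-List
} else {
    "No InprocServer32 registration found for $Clsid"
}
```

Run it from an elevated prompt so that other users' loaded `_Classes` hives are readable.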