The Sirefef/Zaccess family of Trojans, designed to download other malware, disable the machine’s security features, and make lasting changes to the computer, usually goes out to victims via email spam campaigns.
However, there is a new approach as the attackers began bundling the malware with codecs, game installers and crack/keygen applications, Trend Micro said.
“During the last weeks of July, we received reports from customers that their services.exe files were being patched by an unknown malware,” the researchers said.
As it turned out, the patched file was a component of the Sirefef/Zaccess malware family, and ran the malware’s other malicious components upon reboot.
“This proved to be a new variant of Sirefef/Zaccess, which now uses user-mode technique to stealthily load its malicious code, instead of using regular rootkit techniques,” the researchers said.
This infection with this new variant traced back to the execution of K-Lite Codec Pack.exe, and it has more than likely been downloaded by the users themselves from the Internet in order to play movies downloaded via P2P applications.
To show the offered codec is legitimate and to up the likelihood of the user downloading it, the file names also often end up modified to include the titles of popular movies.
Trend Micro numbers show Sirefef/Zaccess infections increased in July, going from 1,000 infected computers on the first of the month to over 11,000 by July 27.
The great majority of infected computers are in the U.S. Nevertheless, all users should be cautious when downloading files from untrusted sources such as P2P networks.