As a rootkit, Sirefef gives attackers full access to your system while using stealth techniques to hide its presence on the affected device. Sirefef hides itself by altering the internal processes of the operating system so that your antivirus and anti-spyware can't detect it. It includes a sophisticated self-defense mechanism that terminates any security-related process that attempts to access it.
As a virus, Sirefef attaches itself to an application. When you run the infected application, Sirefef is executed. Consequently, it will activate and deliver its payload, such as capturing your sensitive information, deleting critical system files, and enabling backdoors for attackers to use and access your system over the Internet.
Trojan Horse
You may also become infected with Sirefef in the form of a Trojan horse. Sirefef can disguise itself as a legitimate application, such as a utility, a game, or even a free antivirus program. Attackers use this technique to trick you into downloading the fake application, and once you allow the application to run on your computer, the hidden Sirefef malware is executed.
There are many ways your system can become infected with this malware. Sirefef is often distributed by exploits that promote software piracy. Pirated software often requires key generators (keygens) and password crackers (cracks) to bypass software licensing. When the pirated software is executed, the malware replaces critical system drivers with its own malicious copies in an attempt to trick the operating system. Subsequently, the malicious driver will load each time your operating system starts.
Another way Sirefef can install on your machine is by visiting infected websites. An attacker can compromise a legitimate website with the Sirefef malware which will infect your computer when you visit the site. An attacker can also trick you into visiting a bad site through phishing. Phishing is the practice of sending spam email to users with the intention of tricking them into revealing sensitive information or clicking on a link. In this case, you would receive an email enticing you to click on a link that will direct you to an infected website.
Sirefef communicates with remote hosts through a peer-to-peer (P2P) protocol. It uses this channel to download other malware components and hides them within Windows directories. Once installed, the components are capable of performing the following tasks:
- Stops Windows Firewall -- Sirefef attempts to turn off Windows Firewall to ensure that its own traffic is not interrupted.
- Stops Windows Defender Service -- By stopping Windows Defender, Sirefef can execute its malicious code without being detected.
- Changes your Internet browser settings -- You may experience changes in your Internet browser, such as a changed home page and modified search engine results.
- Contacts remote hosts -- Sirefef can send information about your infected computer and can create a network of other infected computers to coordinate a much greater attack, such as a botnet (zombie) attack.
- Creates a folder to store other malware -- Sirefef will download other malware and store them in hidden files.
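The first two behaviours in the list above (stopping Windows Firewall and the Windows Defender service) are ones a defender can check for directly. The following PowerShell script is an added example, not part of the original article and not code from any vendor: it reports the state of the two services and of each firewall profile and flags anything that is stopped, disabled or missing. The service names mpssvc (Windows Firewall) and WinDefend (Windows Defender) are the real Windows service names; the rest of the output layout is the example's own choice.

```powershell
# Added example (not from the original article): a defender-side health check for
# the two services the text says Sirefef tries to stop.
# 'mpssvc'    = Windows Firewall service, 'WinDefend' = Windows Defender service.
# Run in an elevated PowerShell session on the machine being examined.

$expected = @{
    'mpssvc'    = 'Windows Firewall'
    'WinDefend' = 'Windows Defender'
}

# Build one record per service: present or missing, running or not, and
# whether its start type has been switched to Disabled.
$findings = foreach ($name in $expected.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $expected[$name]
        Name      = $name
        Status    = if ($svc) { $svc.Status } else { 'Missing' }
        StartType = if ($svc) { $svc.StartType } else { 'n/a' }
        Healthy   = [bool]($svc -and $svc.Status -eq 'Running' -and $svc.StartType -ne 'Disabled')
    }
}

# The firewall service can be running while every profile is switched off,
# so the profiles (Domain, Private, Public) are checked separately.
$profiles         = Get-NetFirewallProfile | Select-Object Name, Enabled
$disabledProfiles = $profiles | Where-Object { -not $_.Enabled }

$findings | Format-Table -AutoSize
$profiles | Format-Table -AutoSize

if (($findings | Where-Object { -not $_.Healthy }) -or $disabledProfiles) {
    Write-Warning 'Windows Firewall or Windows Defender is stopped, disabled or missing. Treat this as a possible tampering indicator and follow up with an offline scan, since a rootkit can hide from tools run on the live system.'
} else {
    Write-Output 'Windows Firewall and Windows Defender services are running and all firewall profiles are enabled.'
}
```

A clean result from this script is not proof of a clean machine: the article's point about rootkits is that they subvert the running operating system, so a live-system check can be lied to. Treat a warning as a reason to boot from trusted media and scan offline, and treat a clean result only as the absence of this particular symptom.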