-1

I am a high school student taking TestOut's Ethical Hacker Pro. Currently I am learning about rootkits and Sirefef. When explaining Sirefef, it says:

Sirefef hides itself by altering the internal processes of an operating system so that your antivirus and anti-spyware can't detect it.

I'm not sure what this means. Could anyone help me out?

schroeder
    A little digging will get you to the technical details of any malware: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sirefef – schroeder Nov 06 '19 at 23:08

1 Answer

1

Schroeder posted a great resource for learning about common malware. To answer your question directly using the link he provided:

Sirefef tries to stop and delete the following security-related services:

  • Base Filtering Engine Service (bfe)
  • IP Helper Service (iphlpsvc)
  • Windows Defender Service (windefend)
  • Windows Firewall Service (mpssvc)
  • Windows Security Center Service (wscsvc)
  • Windows Firewall
  • Windows Update
  • Multiple other services, including PolicyAgent, Program Compatibility Assistant Service (pcasvc), and RemoteAccess

and

Sirefef tries to turn off Windows Firewall to make sure its own traffic won’t be blocked.

chillsauce
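
A defender's check built on the service list quoted in the answer above, as an added example that is not part of the original answer or of Microsoft's write-up: it reports, for each named service, whether the entry still exists and whether it is running. The choice of which services are expected to be running on a healthy host is an assumption and should be adjusted to your own baseline.

```powershell
# Service names taken from the list quoted in the answer above.
$watched = 'bfe', 'iphlpsvc', 'windefend', 'mpssvc', 'wscsvc',
           'PolicyAgent', 'pcasvc', 'RemoteAccess'

# Assumption (not from the page): these are normally running on a healthy
# host. Remove 'windefend' if a third-party antivirus has replaced Defender.
$expectRunning = 'bfe', 'mpssvc', 'windefend', 'wscsvc'

$report = foreach ($name in $watched) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                           -ErrorAction SilentlyContinue

    if (-not $svc) {
        # The answer says the services are stopped *and deleted*, so a
        # missing entry is the strongest signal this check can give.
        [pscustomobject]@{
            Service   = $name
            State     = 'MISSING'
            StartMode = '-'
            Finding   = 'service entry not found'
        }
        continue
    }

    $finding = if ($name -in $expectRunning -and $svc.State -ne 'Running') {
        'expected running, but is not'
    } else {
        'ok'
    }

    [pscustomobject]@{
        Service   = $name
        State     = $svc.State
        StartMode = $svc.StartMode
        Finding   = $finding
    }
}

# Full table for the record, then only the rows that need a closer look.
$report | Format-Table -AutoSize
$report | Where-Object { $_.Finding -ne 'ok' } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and compare the result with a known-good machine of the same Windows version, since some of these services are legitimately stopped or set to manual start by default.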