igotspam
A Rootkit May Be Lurking on Your Boot Record
Filed in archive Malware by Sue Walsh on January 11, 2008
According to Symantec, a new rootkit has been found. The kit, named Trojan.Mebroot, lurks in a PC's master boot record (MBR). What's particularly nasty about this one is that it's beginning to infect Windows PCs and, even worse, it's undetectable to most anti-virus software. Symantec says Trojan.Mebroot overwrites the MBR, thereby taking total control of the system:
The main problem is that some versions of Microsoft Windows allow programs to overwrite disk sectors directly (including the MBR) from user mode, without restrictions. As such, writing a new MBR into Sector 0 as a standard user is a relatively easy task. This issue has been known for quite some time, and still affects the 2K/XP families, while Vista was partially secured in 2006 (after Release Candidate 2) after a successful attack demonstration made by Joanna Rutkowska.

It appears to be a derivative of BootRoot, and its kernel has been designed to install a backdoor Trojan. So far it has only been found on XP systems; Vista's User Account Control seems to be keeping it at bay for now. It takes advantage of the following vulnerabilities:

Microsoft JVM ByteVerify (MS03-011)
Microsoft MDAC (MS06-014) (two versions)
Microsoft Internet Explorer Vector Markup Language (MS06-055)
Microsoft XML CoreServices (MS06-071)

You can check out the history of the rootkit at the Internet Storm Center.
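
A defender's check for the MBR overwrite described above, as an added example that is not from Symantec or the original post: it hashes the boot code in sector 0 of a disk image and compares it, together with the partition table, against a baseline recorded while the machine was known to be clean. The function names and the sample sector are constructed for illustration, and the check assumes sector 0 is read from an offline image, since code running in the kernel can filter disk reads on a live system.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte sector 0: boot code hash, partitions, signature."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + i * 16)
        if ptype:  # type 0 means the slot is unused
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings; an empty list means sector 0 matches the baseline."""
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def constructed_sector(boot_code: bytes) -> bytes:
    """Constructed sample sector 0 with one active NTFS (type 0x07) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = constructed_sector(b"\xfa\x33\xc0" + b"\x90" * 32)
    baseline = parse_mbr(clean)          # record while the system is known clean
    changed = constructed_sector(b"\xfa\x33\xc0" + b"\xcc" * 32)
    print(compare_to_baseline(clean, baseline))
    print(compare_to_baseline(changed, baseline))
```
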
