« Systems Administrator... | Main | Phishing Sites Now Using... »

A Rootkit May Be Lurking on Your Boot Record

Filed in archive Malware by Sue Walsh on January 10, 2008

According to Symantec a new rootkit has been found. The kit, named Trojan.Mebroot, lurks in a PC's master book record. What's particularly nasty about this one is it's beginning to infect Windows PCs, and even worse, it's undetectable to most anti-virus software. Symantec says Trojan.Mebroot overwrites the MBR, thereby taking total control of the system:

The main problem is that some versions of Microsoft Windows allow programs to overwrite disk sectors directly (including the MBR) from user mode, without restrictions. As such, writing a new MBR into Sector 0 as a standard user is a relatively easy task. This issue has been known for quite some time, and still affects the 2K/XP families, while Vista was partially secured in 2006 (after Release Candidate 2) after a successful attack demonstration made by Joanna Rutkowska.

It appears to be a derivative of the BootRoot and its kernel has been designed to install a backdoor Trojan. For now, it's only being found on XP systems. Vista's User Account Control seems to be keeping it at bay for now. It takes advantage of the following vulnerabilities:

Microsoft JVM ByteVerify (MS03-011)
Microsoft MDAC (MS06-014) (two versions)
Microsoft Internet Explorer Vector Markup Language (MS06-055)
Microsoft XML CoreServices (MS06-071)

You can check out the history of the rootkit at the Internet Storm Center.

Permalink: A Rootkit May Be Lurking on Your Boot Record
Tags: Server anti virus Email security Exchange anti virus Email security software Email managed security

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/110145

Related Entries:

End Of Year Security Wrap Up for 2007 - 06 January 2008

New Trojan Targets iPhone - 07 January 2008

Spam Reaches Record Levels - 08 January 2008

Systems Administrator Indicted in Hacking Scheme - 09 January 2008

GEMoney Announces Security Breach Affecting Over 600,000... - 21 January 2008

Malware Authors Exploit Actor's Tragic Death - 23 January 2008

Rootkit Wars - 02 March 2008

Vote for A Rootkit May Be Lurking on Your Boot Record:

Currently 10.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 10.0 out of 1 vote(s) cast.

CW Toolbar
RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Advertisement - Book yours here.

Contributors (Last 90 days)
Prakash Kannoth (4)
Sue Walsh (34)
Dameon Welch-Abernathy (2)
This site has 387 entries and is powered by Creative Weblogging since January 2006.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Discover I got Spam?! on your cell phone! Simply type the URL of your favorite blog in your mobile browser.

Advertise with us
Learn more about our advertising options, visit our shop or give Sonja a call at +1 (650) 331 8047.
NEW you can also chat with us.

Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.

Would you like to see your text link here? Let us know!

Advertisement
Book yours here.

Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Advertisement - Book yours here..

Add your response to A Rootkit May Be Lurking on Your Boot Record:
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to I got Spam?! newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Blog this at your site A Rootkit May Be Lurking on Your Boot Record:

Login*	Password*


Your blog system

Save your login data? (* Your login data are stored securely and encrypted)
Please enter a comment that will appear right after the post on your site:

Tell a friend about A Rootkit May Be Lurking on Your Boot Record
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

A Rootkit May Be Lurking on Your Boot Record

Filed in archive Malware by Sue Walsh on January 10, 2008

Related Entries:

Vote for A Rootkit May Be Lurking on Your Boot Record:

Add your response to A Rootkit May Be Lurking on Your Boot Record:

Blog this at your site A Rootkit May Be Lurking on Your Boot Record:

Tell a friend about A Rootkit May Be Lurking on Your Boot Record

Check out our Sponsored Blogs!

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Ecommerce & Internet

Disclaimer

Find more recent entries from our other publications:

The Social Networking Weblog

The Dating Weblog

Web 2.0

The Search Engine Weblog

Well Woman Blog

IfEnergy