igotspam

A Rootkit May Be Lurking on Your Boot Record

Filed in archive Malware on January 11, 2008

A Rootkit May Be Lurking on Your Boot Record
According to Symantec a new rootkit has been found. The kit, named Trojan.Mebroot, lurks in a PC's master book record. What's particularly nasty about this one is it's beginning to infect Windows PCs, and even worse, it's undetectable to most anti-virus software. Symantec says Trojan.Mebroot overwrites the MBR, thereby taking total control of the system:
The main problem is that some versions of Microsoft Windows allow programs to overwrite disk sectors directly (including the MBR) from user mode, without restrictions. As such, writing a new MBR into Sector 0 as a standard user is a relatively easy task. This issue has been known for quite some time, and still affects the 2K/XP families, while Vista was partially secured in 2006 (after Release Candidate 2) after a successful attack demonstration made by Joanna Rutkowska.

It appears to be a derivative of the BootRoot and its kernel has been designed to install a backdoor Trojan. For now, it's only being found on XP systems. Vista's User Account Control seems to be keeping it at bay for now. It takes advantage of the following vulnerabilities:

Microsoft JVM ByteVerify (MS03-011)
Microsoft MDAC (MS06-014) (two versions)
Microsoft Internet Explorer Vector markup language (MS06-055)
Microsoft XML CoreServices (MS06-071)

You can check out the history of the rootkit at the Internet Storm Center.



Permalink: A Rootkit May Be Lurking on Your Boot Record

Tags: Server  anti  virus  Email  security  Exchange  anti  virus  Email  security  software  Email  managed  security 

Vote for A Rootkit May Be Lurking on Your Boot Record:

  • Currently 10.00/10
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
Rating: 10.00 out of 1 vote(s) cast.
 
Share It
RSSrss
Google google
Yahoo! yahoo
Addthis Subscribe using any feed reader!
Bloglines Bloglines
TwitterFollow us on Twitter!
Most Popular   Announcements   Anti-Spam Tools   Archival Tools   Best of   Did you know   Events   Fight!   Information about   Malware   Misc   Phishing   Security measures   Spam   Spam News   Spyware