10 January 2008

New Rootkit That Hides in Hard Drive's Boot Record

A rootkit (named Trojan.Mebroot by Symantec) based on proof-of-concept code presented at 2005's Black Hat conference has infected approximately 5,000 Windows-based PCs so far, and researchers say it's a remarkably sophisticated and hard-to-eradicate infection.

In contrast to a traditional rootkit that installs as a driver, Trojan.Mebroot installs itself before the operating system loads. As such, Trojan.Mebroot has unprecedented access to the computer and is effectively invisible to the operating system and security software installed on that operating system.

Windoze users, to remove the rootkit, boot into the Windoze recovery console and run the "fixmbr" command. Windoze users, now is a good time to start learning how to use Ubuntu.
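As an added example (not part of the original post): since the rootkit is invisible to software running on the infected operating system, a boot-record check only makes sense on a copy of sector 0 captured from outside that system, for instance from the recovery console or a live Linux boot. The sketch below compares such a copy against a known-good baseline; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

CODE_END = 440          # bootstrap code occupies bytes 0..439
PART_TABLE = 446        # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"  # required signature at bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR image into the fields worth baselining."""
    if len(sector) != 512:
        raise ValueError("an MBR image must be exactly 512 bytes")
    parts = []
    for off in range(PART_TABLE, 510, 16):
        # status, type, first LBA, sector count (CHS fields skipped)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:  # type 0 marks an unused slot
            parts.append((status, ptype, lba, count))
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings where `current` deviates from the known-good image."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 55AA missing")
    if now["code_sha256"] != good["code_sha256"]:
        findings.append("boot code differs from baseline")
    if now["partitions"] != good["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def sample_mbr(code: bytes) -> bytes:
    """Constructed test image: given code bytes plus one type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return code.ljust(PART_TABLE, b"\x00") + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    clean = sample_mbr(b"\x33\xc0\x8e\xd0")    # constructed bytes
    altered = sample_mbr(b"\xfa\x33\xdb\x8e")  # constructed bytes
    print(compare_mbr(clean, clean))
    print(compare_mbr(clean, altered))
```

Bytes 440 to 445 hold the per-disk signature on Windows-formatted disks, so they are left out of the hash to keep one baseline comparable across reinstalls of the same boot code.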
