CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 937
Comments: 25
block bottom
spacer spacer
image New rootkit uses old trick to hide itself image
Cyber Security
Criminals have been installing a master boot record rootkit, known as Trojan.Mebroot, since mid-December

The malware, called Trojan.Mebroot by Symantec, installs itself on the first part of the computer's hard drive to be read on startup, then makes changes to the Windows kernel, making it hard for security software to detect it.

Criminals have been installing Trojan.Mebroot, known as a master boot record rootkit, since mid-December, and were able to infect nearly 5,000 users in two separate attacks, staged on Dec. 12 and Dec. 19, according to Verisign's iDefense Intelligence Team. In order to install the software on a victim's computer, attackers first lure them to a compromised Web site, which then launches a variety of attacks against the victim's computer in hopes of finding a way to run the rootkit code on the PC.

Read more.

CastleCops® is not responsible for the content of external links.
Posted on Wednesday, 09 January 2008 @ 17:17:29 UTC by mrrockford (2276 reads)
[ Trackback ]		image

"New rootkit uses old trick to hide itself" | Login/Create an Account | 1 comment | Search
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: New rootkit uses old trick to hide itself (Score: 1)
by Cudni  on Wednesday, 09 January 2008 @ 20:17:59 UTC
(User Info | Send a Message) http://www.dslreports.com/forum/security,1
Discussed here as well
http://www.castlecops.com/t212084-Stealth_MBR_rootkit.html


 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· Microsoft
· Linux Kernel Archives
· Intel
· HotScripts
· W3 Consortium
· More about Cyber Security
· News by mrrockford

Most read story about Cyber Security:
Booby Trapped software!
block bottom
Article Rating
spacer
Average Score: 4.5
Votes: 2


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
104ppm 0.165s (0.013s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer