Symantec has found a new rootkit that hides from Windows XP on the hard drive's boot sector. Nasty stuff. A traditional rootkit installs as a driver, while this new rootkit installs so that it controls the master boot record (MBR) before the operating system loads, said Symantec's security researcher Oliver Friedrichs, in a Computerworld story. This allows it to hide especially well - "unprecedented" is the term that Friedrichs uses to describe this threat. The rootkit is fine-tuned to work only on Windows XP systems. Vista users may remain protected because they should be explicitly asked to approve the installation of this MBR rootkit when a User Account Control warning pops up. This is because the rootkit requires administrative-level approval to install to the hard drive's master boot record.
The Computerworld story says:
"According to other researchers, including those with the SANS Institute's Internet Storm Center, Prevx Ltd. and a Polish analyst who uses the alias 'gmer,' the rootkit has infected several thousand PCs since mid-December, and is used to cloak a follow-on bank account-stealing Trojan horse from detection as well as to reinstall the identity thief if a security scanner somehow sniffs it out."
If the rootkit does find its way onto a system, you may be looking at a PC that cannot be repaired but has to be wiped clean. Symantec claims that its antivirus software fights the rootkit by identifying it as a Trojan named Mebroot when the rootkit attempts to install itself. Researchers also suggest checking to see if your PC's BIOS includes an MBR write-protection feature. If so, they advocate activating it.