Network World
Thursday, July 24, 2008

Microsoft Subnet Blog


New super nasty rootkit infects XP machines

Symantec has found a new rootkit that hides from Windows XP in the hard drive's boot sector. Nasty stuff. A traditional rootkit installs as a driver, while this new rootkit installs so that it controls the master boot record (MBR) before the operating system loads, said Symantec security researcher Oliver Friedrichs in a Computerworld story. This allows it to hide especially well; "unprecedented" is the term that Friedrichs uses to describe this threat. The rootkit is fine-tuned to work only on Windows XP systems. Vista users may remain protected because they should be explicitly asked to approve the installation of this MBR rootkit when a User Account Control warning pops up: the rootkit requires administrative-level approval to install to the hard drive's master boot record.

The Computerworld story says:

"According to other researchers, including those with the SANS Institute's Internet Storm Center, Prevx Ltd. and a Polish analyst who uses the alias 'gmer,' the rootkit has infected several thousand PCs since mid-December, and is used to cloak a follow-on bank account-stealing Trojan horse from detection as well as to reinstall the identity thief if a security scanner somehow sniffs it out."

If the rootkit does find its way onto a system, you may be looking at a PC that cannot be repaired but has to be wiped clean. Symantec claims that its antivirus software fights the rootkit by identifying it as a Trojan named Mebroot when the rootkit attempts to install itself. Researchers also suggest checking whether your PC's BIOS includes an MBR write-protection feature. If so, they advocate activating it.

The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
