Hi malware fighters,
MBR rootkit was found for the very first time late last year. It is nearly impossible for normal anti-malware software to remove it. Furthermore it is actively spread through the Internet.
This malware infects the Master Boot Record of the hard disk, and can infect the operational system
before it has been loaded.
To see whether a system has been infected the security software must be run before the rootkit.
Most known virus- and rootkitscanners load after the operational system has started. so they
have already lost the battle against this kind of malware, as is admitted by F-Secure very openly here:
http://www.f-secure.com/weblog/archives/00001393.htmlIn the case of MBR rootkit a program like Blacklight can only guess the system has been infected.
Certainty can only bring the use of a boot-CD.
One thing is sure this malware has been created by professional miscreants,
and during the first two attacks of MBR rootkit this malware made over 5000 victims.
The rootkit downloads other additional malware, for instance malware to plunder bank-accounts.
It is spread through drive-by-downloads to abuse leaks and vulnerabilities
in both several Microsoft programs and AOL and Yahoo software.
That this means a serious threat is obvious because the proof of concept for two of
these exploits are just over one month old.
My question here is are users of avast protected against these drive-by-downloads? Second is
how to best protect against this malware, because when you have it on your hard disk
you are really in between a rock and a hard stone, I think,
polonus
