Old tricks make a comeback in a rootkit

Over the past month, a new type of malicious software has emerged, using a decades-old technique to hide itself from antivirus software.

The malware, called Trojan.Mebroot by Symantec, installs itself on the first part of the computer’s hard drive to be read on startup, then makes changes to the Windows kernel, making it hard for security software to detect it.

Criminals have been installing Trojan.Mebroot, known as a master boot record rootkit, since mid-December, and were able to infect nearly 5,000 users in two separate attacks, staged on Dec. 12 and Dec. 19, according to Verisign’s iDefense Intelligence Team. In order to install the software on a victim’s computer, attackers first lure them to a compromised Web site, which then launches a variety of attacks against the victim’s computer in hopes of finding a way to run the rootkit code on the PC.

Once installed, the malware gives attackers control over the victim’s machine…

“It’s not some new attack vector that’s going to be hard to prevent,” he said. “It’s just something that people haven’t really paid attention to.”

Source/Full Story

Posted under Security, Tech News

This post was written by Veg on January 13, 2008
