Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google Updates File Signature Checks for Android Apps

Featured Deal: Get 95% off The Complete Adobe CC Training Bundle Deal

Photo

New Mebroot rootkit infects thousands of websites

Started by quietman7 , Apr 16 2009 06:21 AM

  • Please log in to reply
6 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,272 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:21 PM

Posted 16 April 2009 - 06:21 AM

Thousands of websites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle. The malicious software is a new variant of Mebroot, a program known as a 'rootkit' for the stealthy way it hides deep in Windows...If the MBR is under a hacker's control, so is the entire computer and any data that's on it or transmitted via the internet...

pcadvisor.co.uk
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 

#2 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:21 PM

Posted 16 April 2009 - 07:11 AM

:thumbsup: .......wow........this could turn out to be a big mess....

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:21 PM

Posted 16 April 2009 - 08:28 AM

A footnote:

After installing the trial of

Prevx released the 3.0 version of its product


and researching the 4 false positives, the trial would not unload staying in evaluation mode(some 15 minute referenc

task manager wouldn't kill it but add/remove programs did a fine job(that part was well behaved)
Chewy

No. Try not. Do... or do not. There is no try.

#4 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:21 PM

Posted 16 April 2009 - 05:20 PM

That's terrible =/ I just got done downloading Windows Updates released I guess today. I wonder if this is why?

#5 Please Help Us

Please Help Us

  • Members
  • 156 posts
  • OFFLINE
    •  
  • Local time:02:21 PM

Posted 16 April 2009 - 09:10 PM

So...what can we do then?

#6 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
    •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:01:21 PM

Posted 17 April 2009 - 12:35 AM

I wonder why no major security company (like Symantec, ESET, FSecure etc) has reported it yet.
ZoneAlarm Free Antivirus+ Firewall | Bitdefender Safebox | avast! free antivirus | ESET Online Scanner

#7 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:12:21 PM

Posted 17 April 2009 - 10:40 PM

Because MBR rooters typically aren't targetted very well by major AVs.

Here's a very nice detailed and technical writeup on it by the PrevX developper/researcher Marco Giuliani.
http://www.prevx.com/blog/120/MBR-rootkit-...ikes-again.html
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'
Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook
Back to General Security


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. General Security
  4. Privacy Policy
  5. Rules ·