
New Mebroot rootkit infects thousands of websites

6 replies to this topic

#1 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,751 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:47 PM

Posted 16 April 2009 - 06:21 AM

Thousands of websites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle. The malicious software is a new variant of Mebroot, a program known as a 'rootkit' for the stealthy way it hides deep in Windows...If the MBR is under a hacker's control, so is the entire computer and any data that's on it or transmitted via the internet...

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 scff249


    Indecisive Lurker

  • Members
  • 1,319 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:03:47 PM

Posted 16 April 2009 - 07:11 AM

:thumbsup: .......wow........this could turn out to be a big mess....

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#3 DaChew


    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:04:47 PM

Posted 16 April 2009 - 08:28 AM

A footnote:

After installing the trial of

Prevx released the 3.0 version of its product

and researching the 4 false positives, the trial would not unload staying in evaluation mode(some 15 minute referenc

task manager wouldn't kill it but add/remove programs did a fine job(that part was well behaved)

No. Try not. Do... or do not. There is no try.

#4 xblindx


  • Banned
  • 1,923 posts
  • Gender:Male
  • Local time:04:47 PM

Posted 16 April 2009 - 05:20 PM

That's terrible =/ I just got done downloading Windows Updates released I guess today. I wonder if this is why?

#5 Please Help Us


  • Members
  • 156 posts
  • Local time:04:47 PM

Posted 16 April 2009 - 09:10 PM

So...what can we do then?

#6 Romeo29


    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:
  • Local time:03:47 PM

Posted 17 April 2009 - 12:35 AM

I wonder why no major security company (like Symantec, ESET, FSecure etc) has reported it yet.

#7 Galadriel


    Bleepin Elf

  • Malware Response Team
  • 2,753 posts
  • Gender:Female
  • Location:Missouri, USA
  • Local time:02:47 PM

Posted 17 April 2009 - 10:40 PM

Because MBR rooters typically aren't targeted very well by major AVs.

Here's a very nice detailed and technical writeup on it by the PrevX developer/researcher Marco Giuliani.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat
