MBR rootkit mebroot: A tough threat to security
Author: Arun Radhakrishnan
Category: News, security
Translation: endurer, 2008-03-10 1st
http://blogs.techrepublic.com.com/tech-news?P=2099&tag=NL.e101
Security firm Finjan has raised a warning about the rootkit "mebroot," which it believes has entered the release to manufacturing (RTM) phase, a term used for software that has entered production. It is extremely difficult for security software to detect this rootkit because it overwrites the Master Boot Record (MBR) of the hard disk.
1. Finjan: headquartered in San Jose, USA, it is one of the companies that play a leading role in preventing malicious code intrusion and ensuring system security. Its products include patented real-time behavior detection technology, which provides a new way to combat unknown worms, viruses, Trojans, and various new types of malicious code.
An excerpt from InfoWorld:
Dubbed "mebroot," the rootkit infects the Master Boot Record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, mebroot is nearly invisible to security software.
"You can't execute any earlier than that," said Mikko Hypponen, F-Secure's Chief Research Officer.
F-Secure goes on to mention that its security software could at best only guess at the infection of a PC by the mebroot rootkit. However, booting from F-Secure's software CD makes it possible to detect the malware, since the security software then gets the upper hand.
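The offline check described above can be sketched as follows. This is an added example, not code from the article or from F-Secure: it parses a raw 512-byte MBR captured while booted from clean media and compares a hash of the bootstrap code against a baseline recorded when the disk was known good. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440          # bootstrap code area; bytes 440-445 hold the disk signature
PTABLE_OFFSET = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"  # required at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PTABLE_OFFSET + 16 * i: PTABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": parts}


def boot_code_modified(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code differs from the recorded known-good hash."""
    return parse_mbr(sector)["code_sha256"] != baseline_sha256


def make_sample_mbr(code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one bootable NTFS entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    body = code.ljust(PTABLE_OFFSET, b"\0") + entry + b"\0" * 48
    return body + BOOT_SIG


if __name__ == "__main__":
    clean = make_sample_mbr(b"known-good boot code")   # constructed stand-in bytes
    baseline = parse_mbr(clean)["code_sha256"]         # recorded while known clean
    altered = make_sample_mbr(b"different boot code")  # same table, different code
    print(parse_mbr(clean)["partitions"])
    print(boot_code_modified(clean, baseline), boot_code_modified(altered, baseline))
```

The sector has to be read from outside the installed operating system, for the reason the article gives: code that loads from the MBR runs before any security software on the disk.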
What makes mebroot a greater threat is that it injects itself into other system processes, and all it requires to get the PC infected is a visit to a Web page with an unpatched web browser. MBR-infecting rootkits of this type have been in the news for some time now, but the scale of infection is yet to be ascertained.
Crafting such targeted malware takes a high engineering effort and goes to show how lucrative the malware "business" is becoming. Malware represents a big threat to the shifting of software services online.
Do you feel it's high time that an industry framework was formulated to make security integral to the design of the Internet?