Security researchers are warning of a new rootkit/code dropper that has the potential to be a lot nastier if its Russian creators ever get motivated. The rootkit infects the Master Boot Record (MBR) (define) of a computer, where it then installs a Trojan to steal online banking information. MBR-based attacks have been around since the […]
Security researchers are warning of a new rootkit/code dropper that has the potential to be a lot nastier if its Russian creators ever get motivated. The rootkit infects the Master Boot Record (MBR) (define) of a computer, where it then installs a Trojan to steal online banking information.
MBR-based attacks have been around since the MS-DOS era. It’s a good place to attack because that’s the second place a computer checks on startup, after the BIOS (define). Therefore, it has control of the system before the operating system even boots, let alone before any security software is loaded.
This rootkit’s existence reflects the inherent risk of shining light on a problem. A proof of concept rootkit that targets the MBR was first proposed by eEye Digital Security in 2005. This concept was then discussed last August at the Black Hat hacker conference in Las Vegas and appeared shortly thereafter.
That’s the risk you take when you can’t tell the good guys from the bad guys at a show like Black Hat.
“At Black Hat, what people try to do is responsibly disclose potential issues,” said Matt Richards, director of the rapid response team for iDefense, which disclosed the rootkit’s presence. “They didn’t disclose anything ground breaking, they just brought it into the light. Unfortunately, the good guys and the bad guys both saw it.”
iDefense first noticed the rootkit in late December. In examining the code, it found it was particularly difficult to remove because of the way it hides in the MBR and the fact that it also hides other Trojans in the MBR.
Infection comes from visiting what seems to be a harmless Web site with a malicious IFrame that links and then tries to exploit several old vulnerabilities in Windows. If there’s any consolation, the rootkit only affects Windows XP, not Vista, and the exploits it targets are several months old.
For now, Vista users and those who have kept their computers up to date are safe. Richards said it would be very easy to upgrade the rootkit to be far more dangerous. “It would probably take a few weeks to adapt it to Vista,” he said. “The worst case scenario is if they buy a zero-day on the underground and decide to distribute it.”
This article was first published on InternetNews.com. To read the full article, click here.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he’s ever owned, laptops not included.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
