A Digital Age Deserves A Digital Leader

Is There A Rootkit Stashed In Your Boot Record?


Post by Grav!ty » Thu Jan 10, 2008 2:25 am

See this news article posted by rippinchikkin: "Is There A Rootkit Stashed In Your Boot Record?"

Here's a fix:
From the recovery console, advised Elia Florio, another Symantec researcher, users can run the "fixmbr" command to remove the rootkit. "To help prevent similar attacks in the future, and if your system BIOS includes the Master Boot Record write-protection feature, now is a good time to enable it," Florio recommended.


Source: Computerworld


Not that there are exactly a lot of systems infected at about 5000, but it could be a meanie to get rid of. I guess one would only know if one's system no longer booted. It seems it's "acquired" by visiting certain "host" sites that have been compromised.

I haven't checked right now, but I can't remember that my BIOS has an MBR write protection feature. At least it can be gotten rid of though.

"The great majority of mankind are satisfied with appearances, as though they were realities, and are often more influenced by the things that seem than by those that are." - Niccolo Machiavelli
PROfessional Member
Posts: 15790
Joined: Tue Sep 14, 2004 5:22 am
Real Name: Graham

Post by NT50 » Thu Jan 10, 2008 3:19 am

Thank goodness I am running NOD. I am sure they are on top of it also. I do know that NOD monitors the MBR.
Dogs Have Owners; Cats Have Staff
PROfessional Member
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle

Post by augie » Thu Jan 10, 2008 3:35 am

That almost sounds too simplistic of a fix!? :confused Check out Rootkit Revealer from TechNet. I have no idea.
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung

eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460
Community Director
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec
