New Rootkits Going Old School
Master Boot Record (MBR) viruses start when your computer's BIOS activates its master boot code (and here comes the key part) BEFORE the operating system loads.
So, why is this important?
Most Windows malware that contains a rootkit component attaches itself to one of your Windows device drivers. This means that these rootkits run after the operating system loads (or while it is loading, depending on the device driver). Rootkits that attach to your MBR run BEFORE the operating system loads. This makes them a lot stealthier, and as such more difficult to detect, and also much more difficult to remove. MBR rootkits will remain on your system even if you uninstall your operating system, and even if the malware that installed the rootkit is removed.
We have hereby crossed the threshold into the next wave of malware as cyber criminals continue to make malware and rootkits less detectable and more difficult to remediate.
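Because the MBR sits outside the operating system, one defensive check is to compare it against a known-good record. The sketch below is an added example, not code from the original post: it parses a 512-byte MBR sector, hashes the boot code, and reports differences from a baseline. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the disk signature and reserved bytes
TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector):
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_to_baseline(sector, baseline):
    """Return findings where the sector differs from a known-good record."""
    current = parse_mbr(sector)
    findings = []
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample(code_byte):
    """Constructed sample sector: filler boot code plus one active partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    body = bytes([code_byte]) * CODE_LEN + bytes(6) + entry + bytes(48)
    return body + BOOT_SIGNATURE

CLEAN = build_sample(0x90)      # constructed, stands in for the known-good MBR
MODIFIED = build_sample(0xCC)   # constructed, same table but different boot code

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN)
    print(compare_to_baseline(CLEAN, baseline))
    print(compare_to_baseline(MODIFIED, baseline))
```

Feed it a sector captured while the machine is booted from trusted media, since code that runs before the operating system can influence what the running system reports.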
