Kaspersky Lab announces the detection and disinfection of a new variant of a unique MBR rootkit.

A new variant of the malicious program Sinowal, which hides its presence in the system by infecting the master boot record (MBR) of the hard disk, was discovered by experts at the end of March 2009.
According to the researchers, the new version of the rootkit came as a real surprise. Unlike previous versions, the new Backdoor.Win32.Sinowal modification evades detection by embedding itself at a much deeper level of the system. The concealment method implemented in this variant hooks at the level of device objects, the “deepest” level of the operating system. Attackers had never before turned to such advanced techniques. As a result, at the time the new Sinowal modification appeared, none of the existing anti-virus products could even detect the problem, let alone disinfect computers infected by Backdoor.Win32.Sinowal. After penetrating the system, the bootkit ensures the hidden operation of its main module, which is focused on stealing users' personal data and the credentials for their various accounts.
According to Kaspersky Lab, the bootkit has been actively distributed over the past month from a number of malicious sites that use the Neosploit exploit kit. One of the main ways it penetrates the system is by exploiting a vulnerability in Adobe Acrobat Reader, which leads to the execution of a malicious PDF file downloaded without the user's knowledge.
Detecting and disinfecting this bootkit, which is still being distributed on the Internet, is the most difficult task the antivirus industry has faced in several years. Kaspersky Lab was one of the first among the leading antivirus companies to implement, in its existing personal antivirus products, not only detection but also successful disinfection of this version of Sinowal.
To check a computer for infection, users of personal products need to update the anti-virus databases and run a full system scan. If the bootkit is detected, the computer will need to be restarted to complete disinfection.
Kaspersky Lab experts also recommend that all users install the patches covering the vulnerabilities in Acrobat Reader and in the browsers they use.
Source: SecurityLab news