MX Logic

MX Logic » MX Logic IT Security Blog

17 January 2008

New Rootkits Going Old School

Just as we have reported a large movement back toward old-school spam tactics such as text obfuscation (in lieu of PDF- and image-based spam), malware appears to be doing the same by going after the Master Boot Record.

Master Boot Record (MBR) viruses start when your computer's BIOS runs the master boot code, which happens (and here comes the key part) BEFORE the operating system loads.

So, why is this important?

Most Windows malware that contains a rootkit component attaches itself to one of your Windows device drivers. This means that these rootkits run after the operating system loads (or while it is loading, depending on the device driver). Rootkits that attach to your MBR run BEFORE the operating system loads. This makes them a lot stealthier: they are not only more difficult to detect but also much more difficult to remove. MBR rootkits remain on your system even if you uninstall your operating system, and even if the malware that installed the rootkit is removed.

We have hereby crossed the threshold into the next wave of malware, as cyber criminals continue to make malware and rootkits less detectable and more difficult to remediate.

Posted by smasiello at 9:51 AM
