MBR Rootkit paper from VB2008 

Feb 19, 2009 06:06 AM

Back in 2008, the infamous MBR rootkit (a.k.a. Mebroot or Sinowal) proved to be one of the most complicated pieces of malicious code ever seen. Clearly written by professional developers, the Mebroot rootkit has pushed stealth technologies to an extreme level in order to support a bigger criminal project.

In fact, Mebroot can be considered a real e-crime platform: it binds itself to the core of the operating system in order to support a higher layer of modules designed to steal sensitive information for access to bank accounts. This speculation became a fact in November 2008, when law enforcement and a group of researchers were able to gain access to a remote server used by the Mebroot gang, where it was soon discovered that the servers contained around 500,000 stolen credit card and bank account numbers.

We have posted some interesting articles about Mebroot in the past, but today I’m happy to post a link to the full version of the Mebroot paper that was presented at the Virus Bulletin conference back in October 2008. This paper represents a good example of a joint effort between Symantec and F-Secure, and was written by Elia Florio of Symantec and Kimmo Kasslin of F-Secure.

You can now download the paper in PDF format from the link below:


Your Computer is Now Stoned (...Again!). The Rise of MBR Rootkits

Message Edited by Ben Nahorney on 02-19-2009 03:16 AM
