
MBR Rootkit paper from VB2008

Elia Florio
February 19th, 2009
Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response

Back in 2008, the infamous MBR rootkit (a.k.a. Mebroot or Sinowal) proved to be one of the most complicated pieces of malicious code ever seen. Clearly written by professional developers, the Mebroot rootkit has pushed stealth technologies to an extreme level in order to support a bigger criminal project.

In fact, Mebroot can be considered a real e-crime platform that binds itself to the core of the operating system in order to support the higher-layer modules, which are designed to steal sensitive information for access to bank accounts. This speculation became a fact in November 2008, when law enforcement and a group of researchers were able to gain access to a remote server used by the Mebroot gang, where it was soon discovered that the servers contained around 500,000 stolen credit card and bank account numbers.

We have posted some interesting articles about Mebroot in the past, but today I’m happy to post a link to the full version of the Mebroot paper that was presented at the Virus Bulletin conference back in October 2008. This paper represents a good example of a joint effort between Symantec and F-Secure, and was written by Elia Florio of Symantec and Kimmo Kasslin of F-Secure.

You can now download the paper in PDF format from the link below:

 

Your Computer is Now Stoned (...Again!). The Rise of MBR Rootkits

Message Edited by Ben Nahorney on 02-19-2009 03:16 AM