Security Community Blog

Stealth rootkit infects thousands of websites

Created: 20 Apr 2009 • 2 comments
erikw

Thousands of websites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.
An earlier version of Mebroot, as Symantec named it, first appeared around December 2007 and used a well-known technique to stay hidden: it infects a computer's Master Boot Record (MBR), the first code a computer looks for when booting the operating system after the BIOS runs.

2 Comments

binayak

Hi, thanks for the valuable information.

riva11

From the "Stealth rootkit infects thousands of websites" article:

Erasmus said it appears that thousands of websites have been hacked to deliver Mebroot to vulnerable computers that don't have the proper patches for their web browsers.

The infection mechanism is known as a drive-by download. It occurs when a person visits a legitimate website that's been hacked. Once on the site, an invisible iframe is loaded with an exploit framework that begins testing to see if the browser has a vulnerability. If so, Mebroot is delivered, and a user notices nothing.

Hope Symantec will deliver virus defs update quickly. It seems really dangerous....

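The drive-by mechanism quoted above depends on an invisible iframe being added to a legitimate page, so a site owner can audit their own HTML for frames that are both hidden and loaded from another host. The following is an added example, not part of the original post or comments; the heuristics, the hostnames and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide a frame: display/visibility, 0-1px size, far off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![-\w])(?:left|top)\s*:\s*-\d{3,}", re.I)

class IframeAudit(HTMLParser):
    """Record every <iframe> with its line, src, and hidden/off-site flags."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        hidden = ("hidden" in a
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        offsite = (bool(host) and host != self.site_host
                   and not host.endswith("." + self.site_host))
        self.frames.append((self.getpos()[0], a.get("src", ""), hidden, offsite))

def audit_page(html, site_host):
    """Return (line, src) for iframes that are both invisible and off-site."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return [(line, src) for line, src, hidden, offsite in parser.frames
            if hidden and offsite]

# Constructed sample page: two legitimate frames, then two injected-style frames.
SAMPLE = """<html><body>
<h1>Shop</h1>
<iframe src="/newsletter.html" width="300" height="200"></iframe>
<iframe src="https://maps.partner.example/embed" width="600" style="border-width:0"></iframe>
<iframe src="http://injected.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//cdn.injected.invalid/x" style="position:absolute;left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in audit_page(SAMPLE, "shop.example"):
        print(f"line {line}: hidden off-site iframe -> {src}")
```

A visible third-party embed or a hidden same-site frame is not reported; only the combination is, which keeps the check usable against pages that legitimately embed maps or widgets.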