Endpoint Protection

 View Only
Back to Library

Stealth rootkit infects thousands of websites 

Apr 20, 2009 12:57 PM

Thousands of websites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.
An earlier version of Mebroot, which is what Symantec named it, first appeared around December 2007 and used a well-known technique to stay hidden. It infects a computer's Master Boot Record (MBR). It's the first code a computer looks for when booting the operating system after the BIOS runs.
Read more on:

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=14323

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

riva11
Apr 20, 2009 03:08 PM

From Stealth rootkit infects thousands of websites article :

Erasmus said it appears that thousands of websites have been hacked to deliver Mebroot to vulnerable computers that don't have the proper patches for their web browsers.

The infection mechanism is known as a drive-by download. It occurs when a person visits a legitimate website that's been hacked. Once on the site, an invisible iframe is loaded with an exploit framework that begins testing to see if the browser has a vulnerability. If so, Mebroot is delivered, and a user notices nothing.


Hope Symantec will deliver virus defs update quickly. It seems really dangerous....

Migration User
Apr 20, 2009 01:38 PM

Hi, thanks for the valuable information.

Related Entries and Links

No Related Resource entered.