Discovered: 7 January 2008
Updated: 8 January 2008 4:45:30 PM
Also Known As: Troj/Mbroot-A [Sophos], StealthMBR [McAfee], TROJ_SINOWAL.AD [Trend], StealthMBR!rootkit [McAfee]
Type: Trojan
Infection Length: Varies
Systems Affected: Windows XP, Windows Vista, Windows Server 2003, Windows 2000
Trojan.Mebroot is a Trojan horse that overwrites the Master Boot Record of the hard disk and uses rootkit techniques to hide itself.
Further Reading:For more information about this threat, please refer to the following blog entry:
From BootRoot to Trojan.Mebroot: A Rootkit in Your MBR!Protection
-
Initial Rapid Release version 7 January 2008 revision 024
-
Latest Rapid Release version 23 November 2009 revision 054
-
Initial Daily Certified version 7 January 2008 revision 040
-
Latest Daily Certified version 24 November 2009 revision 005
-
Initial Weekly Certified release date 9 January 2008
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Moderate
-
Removal: Easy
Damage
-
Damage Level: Low
-
Payload: Opens a back door on the compromised computer.
-
Degrades Performance: Overwriting the Master Boot Record (MBR) may degrade performance.
-
Causes System Instability: Overwrites the Master Boot Record (MBR).
Distribution
Writeup By: Elia Florio
Technorati
Digg
Delicious
Reddit
StumbleUpon
Furl
Yahoo
Twitter
Facebook
Newsvine
