Security Center
Is There A Rootkit Stashed In Your Boot Record?

Index >> Security Center >>

Author

Message

Grav!ty
Graham Massey

Posted: Wed Jan 09, 2008 10:25 pm

Vice President
Operations

Joined: 14 Sep 2004
Posts: 20770
Location: Johannesburg

See this news article posted by rippinchikkin Is There A Rootkit Stashed In Your Boot Record?.

Here's a fix:

Quote:

From the recovery console, advised Elia Florio, another Symantec researcher, users can run the "fixmbr" command to remove the rootkit. "To help prevent similar attacks in the future, and if your system BIOS includes the Master Boot Record write-protection feature, now is a good time to enable it," Florio recommended

Source: Computerworld

Not that there are exactly a lot of systems infected at about 5000, but it could be a meanie to get rid of. I guess one would only know if ones system no longer booted. It seems it's "acquired" by visiting certain "host" sites that have been compromised.

I haven't checked right now, but I can't remember that my BIOS has a MBR write protection feature. At least it can be gotten rid of though.

Back to top

NT50
Jeff Replogle

Posted: Wed Jan 09, 2008 11:19 pm

Vice President
Support

Joined: 19 Jun 2004
Posts: 9379
Location: Jackson, TN USA