New Chinese MBR Rootkit Identified

jamescv7

Mar 15, 2011
A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer.

The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as Rookit.Win32.Fisp.a.

Once executed, the rootkit makes a copy of the old MBR and replaces the sectors with its own code which includes an encrypted driver.

When the computer boots, the malicious code executes and restores the original MBR so that Windows can load normally.

Link
 
Does anyone know how to trace such malware through MD5 and SHA1/256? I ask because I would like to warn our and other members to watch out for that online game.
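An added example, not code from the original post or from Kaspersky: a Python check that hashes the boot-code region of a 512-byte MBR sector with MD5, SHA-1 and SHA-256, compares it against a baseline taken from a known-clean disk and against a list of known-bad hashes, and sanity-checks the boot signature and partition table. The sample sector, its partition layout and the known-bad hash set are constructed for the demonstration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440          # bytes 0-439 hold boot code; 440-445 disk signature/pad
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa" # bytes 510-511 of every valid MBR

def build_sample_mbr(boot_code: bytes = b"\x00" * BOOT_CODE_LEN) -> bytes:
    """Constructed 512-byte test sector (not a real MBR): the given boot code,
    one bootable NTFS-type partition starting at LBA 2048, and the boot signature."""
    head = boot_code[:BOOT_CODE_LEN].ljust(PART_TABLE_OFF, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    return head + entry + b"\x00" * 48 + BOOT_SIGNATURE

def hash_boot_code(sector: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the boot-code region only, so a legitimate
    partition-table edit does not invalidate the baseline."""
    code = sector[:BOOT_CODE_LEN]
    return {name: getattr(hashlib, name)(code).hexdigest() for name in ("md5", "sha1", "sha256")}

def partitions(sector: bytes) -> list:
    """Parse the four partition entries as (bootable, type, start_lba, sector_count)."""
    out = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused entry
            out.append((status == 0x80, ptype, start, count))
    return out

def check_mbr(sector: bytes, baseline: dict, known_bad: set = frozenset()) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    if len(sector) != 512:
        return ["sector is not 512 bytes"]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    current = hash_boot_code(sector)
    for algo, expected in baseline.items():
        if current.get(algo) != expected:
            findings.append(f"{algo} of boot code differs from baseline")
    if known_bad & set(current.values()):
        findings.append("boot code hash matches a known-bad indicator")
    if sum(1 for boot, *_ in partitions(sector) if boot) > 1:
        findings.append("more than one partition flagged bootable")
    return findings
```

Take the baseline and run the check on sector 0 read from the raw disk while booted from clean media: a bootkit that restores the original MBR in memory can also answer disk reads from the running system with the original sector, so a check from inside the infected OS may show nothing.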