- Mar 15, 2011
A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer.
The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as Rootkit.Win32.Fisp.a.
Once executed, the rootkit makes a copy of the old MBR and replaces the sectors with its own code, which includes an encrypted driver.
When the computer boots, the malicious code executes and restores the original MBR so that Windows can load normally.
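A defender-side check for the MBR replacement described above, as an added example that is not part of the original post: it hashes the bootstrap-code area of a saved MBR sector and compares it, together with the partition table, against a known-good baseline. The sector images are assumed to be captured offline (for example from boot media); `build_sample_mbr` and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446  # four 16-byte partition entries, then 0x55 0xAA

def parse_mbr(sector):
    """Return the boot-code hash and the used partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            partitions.append((entry[0], entry[4], lba_start, sector_count))
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"code_sha256": code_hash, "partitions": partitions}

def compare_to_baseline(current, baseline):
    """List what differs between a captured MBR and the known-good copy."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if cur["code_sha256"] != base["code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code):
    """Constructed sample sector: given code plus one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    baseline = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")   # constructed bytes
    captured = build_sample_mbr(b"\xeb\x3c\x90\x00\x00")   # constructed bytes
    print(compare_to_baseline(baseline, baseline))
    print(compare_to_baseline(captured, baseline))
```

A changed boot-code hash with an unchanged partition table is the pattern to expect when only the loader code in sector 0 has been swapped.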