New Chinese MBR Rootkit Identified

jamescv7 · Apr 6, 2011

A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer.

The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as Rookit.Win32.Fisp.a.

Once executed, the rootkit makes a copy of the old MBR and replaces the sectors with its own code which includes an encrypted driver.

When the computer boots, the malicious code executes and restores the original MBR so that Windows can load normally.

Link

Valentin N · Apr 6, 2011

Jack · Apr 6, 2011

Smart rootkit but ......
VT : 40 /43 (93.0%) ...... LOL

Valentin N · Apr 6, 2011

does anyone know how trace such malware through MD5 and SHA1/256? I ask because I would like to warn our+ other members to watch out from that online game.

jamescv7 · Apr 6, 2011

Do you mean a tool? I'm not sure about this but you may try it.

Link

or this one

Link

mhartsellm · Apr 6, 2011

Thanks for the heads up and all, but this is something I should never have to worry about...lol:angel:

Search

New Chinese MBR Rootkit Identified

jamescv7

Level 85

Valentin N

Level 2

Jack

Administrator

Valentin N

Level 2

jamescv7

Level 85

mhartsellm

New Member

Similar threads