Researcher States MBR Malicious Programs Making a Comeback

According to a security researcher named Hon Lau from Symantec, MBR (Master Boot Record) malware has become twofold from 2009 to 2010, while 2011 is heading for further doubling of the same. This increase, according to Symantec, is possibly because the BootRoot master boot record malware's code for open source has been released. Threat Post published this on August 9, 2011.

Elaborating further, Hon Lau stated that current techniques for infecting with MBR were quite complicated and that not many malware authors took the initiative for doing so, save those who were highly proficient. That was possibly one explanation as to why following the rediscovery of MBR contamination during 2007 after it was long abandoned, by Trojan.Mebroot's developers -using the work on BootRoot, which eEye Digital Security's Permeh and Soeder performed- not an excessively large number of other authors of malicious software adopted the technique, Hon Lau added. Infosecurity.com reported this on August 9, 2011.

Meanwhile, alongside samples of TIDSERV the familiar collection of MBR malicious program, fresh collections include FISPBOOT, SMITNYL, ALWORO and CIDOX. These fresh samples mainly represent one-off creations as well as are getting utilized in the form of ransomwares i.e., code which's employed for compromising a victim's computer that's then unlocked provided a sum demanded is paid.

Hon Lau elucidates that MBR comes first among the compartments making any storage device, particularly a computer's hard drive as also it's the computer, which first accesses it, during a start-up. The MBR has software, which facilitates the device in detecting the location and getting an OS alternatively other programs deployed on the machine, loaded. And once loaded, it becomes simpler for MBR malware in eluding security mechanisms, explains Symantec.

Moreover, whilst MBR infection is the key issue of Mebroot from the beginning, Lau observes that there's another gang that perpetrated the extremely advanced e-threat, Backdoor.Tidserv that formerly contaminated files on system driver, and which now desired for experiencing an MBR action.

Lau additionally observes that the scenario of master boot record malware, during 2011, has significantly altered, while the Trojan.Fispboot, Trojan.Smitnyl, Trojan.Alworo, Backdoor.Tidserv.M, and Trojan.Cidox malicious programs have surfaced. Infosecurity.com reported this.

Related article: Researchers Urge Caution against phishing Scams

» SPAMfighter News - 8/19/2011