Is there a rootkit stashed in your boot record? - Abibitumi Kasa Afrikan Language and Liberation Institutes and Community Networks
Forum: Computer, Software and Tech Issues for Afrikans
http://www.abibitumikasa.com/forums/

#1  01-11-2008, 01:31 PM
Oju (tech support, Abibikasa Wura)
Join Date: Sep 2006, Posts: 291

Is there a rootkit stashed in your boot record?

The latest rootkit in the wild hides on your hard drive’s boot sector and is starting to infect Windows PCs, according to security researchers.

And the real kicker: The rootkit can’t be detected by most antivirus applications.

Symantec http://www.symantec.com/enterprise/s...anmebroot.html has been tracking the latest rootkit–Trojan.Mebroot–and provides a good overview of master boot record (MBR) rootkits. In general, an MBR is the first sector of a storage device, say a hard drive, and is used for booting the operating system. Control the MBR and control the OS.

These attacks have been around for a few years, but are now impacting Windows in the wild. NVLabs last year published a proof of concept MBR rootkit http://www.nvlabs.in/?q=node/11 and the first one, BootRoot, appeared in 2005 courtesy of eEye Digital Security http://research.eeye.com/html/tools/RT20060801-7.html.

According to Symantec, Trojan.Mebroot controls a system by overwriting the MBR with its own code. This rootkit also appears to be a derivative of the BootRoot. The Trojan.Mebroot kernel has been altered to load a custom back door Trojan.

Symantec notes:

The main problem is that some versions of Microsoft Windows allow programs to overwrite disk sectors directly (including the MBR) from user mode, without restrictions. As such, writing a new MBR into Sector 0 as a standard user is a relatively easy task. This issue has been known for quite some time, and still affects the 2K/XP families, while Vista was partially secured in 2006 (after Release Candidate 2) after a successful attack demonstration made by Joanna Rutkowska.

Trojan.Mebroot, which was mapped last week by gmer http://www2.gmer.net/mbr/, runs on Windows XP for now. Vista users would have to accept a User Account Control warning. The SANS Institute http://isc.sans.org/diary.html?storyid=3820 has the history of the latest rootkit and notes that it takes advantage of "old, easy to patch" vulnerabilities that include:

* Microsoft JVM ByteVerify (MS03-011)
* Microsoft MDAC (MS06-014) (two versions)
* Microsoft Internet Explorer Vector Markup Language (MS06-055)
* Microsoft XML CoreServices (MS06-071)

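The post says the MBR is sector 0 of the disk and that Mebroot takes over the machine by overwriting that sector with its own code. The following Python script is an added example (not part of the original post, and not code from Symantec, gmer, SANS or any of the cited projects) of the check a practitioner would want: it parses a 512-byte MBR, hashes the bootstrap area (bytes 0 to 445), lists the partition table, verifies the 0x55AA signature, and compares the bootstrap hash against a baseline recorded while the disk was known to be clean. The two sample sectors, the `CLEAN_BOOTSTRAP` / `INFECTED_BOOTSTRAP` constants and the `read_physical_sector0` helper are constructed for this illustration; the "infected" sample assumes an overwrite that leaves the partition table intact and changes only the bootstrap code, which is exactly the case a partition-table-only check would miss.

```python
"""
MBR integrity check: parse sector 0, hash the bootstrap code and compare it
with a known-good baseline.  Added example; the sample sectors below are
constructed for illustration and are not real boot loaders or real malware.
"""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # bootstrap code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16         # four 16-byte entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510..511 of every valid MBR

# Constructed stand-ins for bootstrap code: a few x86 bytes, not a working loader.
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 16
# Hypothetical overwrite: the first bytes differ, everything else is the same.
INFECTED_BOOTSTRAP = b"\xeb\x3e" + b"\x00" * 7 + b"\x90" * 16


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Build a constructed 512-byte MBR: the given bootstrap code, one active
    partition (type 0x07, start LBA 63, 1,000,000 sectors), three empty
    slots and the 0x55AA signature."""
    code = bootstrap.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    # status=0x80 (bootable), CHS start, type, CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 63, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a bootstrap hash and its partition entries.  Raises
    ValueError if the sector is the wrong size or lacks the boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["bootstrap_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline: "
                        f"{info['bootstrap_sha256'][:16]}... vs {baseline_sha256[:16]}...")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition is flagged bootable")
    return findings


def read_physical_sector0(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw disk device (Windows device path shown; needs
    administrator rights).  Not called below so the demo runs offline."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTSTRAP)
    baseline = parse_mbr(clean)["bootstrap_sha256"]   # record this while the disk is known-good
    print("clean sample:", check_mbr(clean, baseline) or "OK")
    infected = build_sample_mbr(INFECTED_BOOTSTRAP)    # same partition table, different code
    for finding in check_mbr(infected, baseline):
        print("infected sample:", finding)
```

Two caveats on using this against a live machine. The baseline hash is only meaningful if it was recorded before infection, so take it at install time or from a known-good image. And because a resident rootkit can filter disk reads and hand back the original sector to a program running inside the compromised OS, a read from the running system is the weakest form of this check; reading the disk from boot media or another machine, or comparing against what a tool such as gmer's MBR utility reports, is more trustworthy.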