Monday, January 21, 2008

Master Boot Record Rootkit

Just found some useful information on the MBR rootkit. Below is the timeline.

According to SANS, the next big thing is that those distributing this rootkit also distribute the Torpig banking Trojan. The rootkit is currently being installed through a set of relatively old and easy-to-patch Microsoft vulnerabilities:

  • Microsoft JVM ByteVerify (MS03-011)
  • Microsoft MDAC (MS06-014) (two versions)
  • Microsoft Internet Explorer Vector Markup Language (MS06-055)
  • Microsoft XML CoreServices (MS06-071)