New MBR rootkit goes undetected

[Bob]

Are these rootkits only a problem for 32-bit systems
or can they now also infect vista 64-bit?

[vijayind]

BluePill rootkit was developed on x64 systems only. So yes, x64 rootkits do exist (I guess)

http://northsecuritylabs.blogspot.co...blue-pill.html

also: http://bluepillproject.org/

[steve1955]

Quote:

Originally Posted by ffreedom01

Wow...with all the security you are running, I am surprised it wasn't picked up!

Perhaps the best idea is fill your HD with security apps so there's no room for any malware!

[MAOS]

I just got the RSS feed report

http://www.prevx.com/blog/131/MBR-Rootkit-reloaded.html

Quote:

We have checked how many antirootkits are already able to detect the new version of MBR rootkit we've isolated two months ago. Result is that only five applications are able to fully detect this threat

[Baz_kasp]

Quote:

Originally Posted by MAOS

I just got the RSS feed report

http://www.prevx.com/blog/131/MBR-Rootkit-reloaded.html

I assume if prevx is so worried about the lack of detection by other security vendors they have shared samples with the security community to combat such a "dangerous" threat....unless they are going to pull a "Dr.Web"

[EraserHW]

Quote:

Originally Posted by Baz_kasp

I assume if prevx is so worried about the lack of detection by other security vendors they have shared samples with the security community to combat such a "dangerous" threat....

Right I can assure you I personally shared all the samples I have with all companies that asked me for them. Sure, I'm not going to hunt for every single e-mail contact inside every single company and send samples in a spam-like way If anyone from security vendors want them, just ask for them I think it's the best way for everyone

[Baz_kasp]

Quote:

Originally Posted by EraserHW

Right I can assure you I personally shared all the samples I have with all companies that asked me for them. Sure, I'm not going to hunt every single e-mail contact inside every single company and send samples in a spam-like way If anyone from security vendors want them, just ask for them I think it's the best way for everyone

I think we both know about a certain place(s) where vendors meet for malware researching, makes sense to lay them out in there perhaps....I mean of course this is great that you found it and congratulations on the technical knowledge, props for being the first.... but if its something revolutionary collective intelligence is better than none.

[EraserHW]

Quote:

Originally Posted by Baz_kasp

I think we both know about a certain place(s) where vendors meet for malware researching, makes sense to lay them out in there perhaps....I mean of course this is great that you found it and congratulations on the technical knowledge, props for being the first.... but if its something revolutionary collective intelligence is better than none.

As you may know, inside certain places samples are available since April So they have been always available to everyone

[Baz_kasp]

Quote:

Originally Posted by EraserHW

As you may know, inside certain places samples are available since April So they have been always available to everyone

In which case I apologise since I missed that.

[EraserHW]

Quote:

Originally Posted by Baz_kasp

In which case I apologise since I missed that.

No problem at all You're more than welcome

[developers]

Quote:

Originally Posted by Saraceno

It's good seeing people test their security programs against this variation.

Maybe someone can test Shadow Defender? Would be interested to find out if a reboot removes the infection.

No, it's vulnerable.

[MAOS]

New variant of mebroot detected as vendors criticised for failing to react to threat

[format_c]

Dr.Web can neutralize all known modifications of the Backdoor.Maosboot including its latest variation discovered in May and still undefeated by any other anti-virus.

[TonyW]

Interesting analysis by Sergey Golovanov at KL here.

[raven211]

Quote:

Originally Posted by format_c

Dr.Web can neutralize all known modifications of the Backdoor.Maosboot including its latest variation discovered in May and still undefeated by any other anti-virus.

... and it says so on their own website - *applause*.