Trojan.Mebroot

January 14, 2008, 7:36 pm

I'm hearing about Trojan.Mebroot from Chip.
Symantec says:

When the Trojan is executed, it creates the following mutex so that only one instance of it is running on the compromised computer at any time:
Global\7BC8413E-DEF5-4BF6-9530-9EAD7F45338B

It then reads the Master Boot Record (MBR) and then scans the partition table to find the active boot partition of the computer.

The Trojan infects the MBR, copying the original MBR to sector 62 on the hard disk.

It then installs its own kernel loader to sectors 60 and 61 of the hard disk.

Next, it copies a rootkit driver near the end of the active boot partition. The Trojan overwrites around 1149 sectors (467 KB) when copying the driver.

Next, the Trojan creates a .dll file in the current folder where it is executed and then runs the following command:
regsvr32 /s [TROJAN FILE NAME].dll

and that:

Systems Affected: Windows XP, Windows Vista, Windows Server 2003, Windows 2000

Logically, if you have LILO or GRUB in the MBR, even though you also have Windows, you shouldn't give a damn, right?


Written by in IT&C Related, Linux, m$ | (5) Comments
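The sector layout in the quoted Symantec description (original MBR at sector 62, loader in sectors 60 and 61, driver near the end of the active partition) can be checked on a raw image of a disk's first 63 sectors. This is an added example, not code from the post or from Symantec; the function names, the sector 62 matching heuristic and the constructed sample image are assumptions made for illustration.

```python
import struct

SECTOR = 512
PT_OFF, SIG_OFF = 446, 510  # partition table and 0x55AA signature offsets

def sector(img: bytes, n: int) -> bytes:
    return img[n * SECTOR:(n + 1) * SECTOR]

def partitions(mbr: bytes):
    """Parse the four primary entries of an MBR; None if the signature is missing."""
    if len(mbr) != SECTOR or mbr[SIG_OFF:] != b"\x55\xaa":
        return None
    out = []
    for i in range(4):
        e = mbr[PT_OFF + 16 * i:PT_OFF + 16 * (i + 1)]
        start, count = struct.unpack_from("<II", e, 8)
        out.append({"active": e[0] == 0x80, "type": e[4], "start": start, "count": count})
    return out

def check_gap(img: bytes) -> list:
    """Findings for sectors 60-62 of a raw image holding at least 63 sectors."""
    s0, s62 = sector(img, 0), sector(img, 62)
    if partitions(s0) is None:
        return ["sector 0: no valid MBR signature"]
    findings = [f"sector {n}: not empty" for n in (60, 61) if any(sector(img, n))]
    # Assumption: a relocated MBR keeps the partition table but not the boot code.
    if (partitions(s62) is not None and s62[PT_OFF:SIG_OFF] == s0[PT_OFF:SIG_OFF]
            and s62[:PT_OFF] != s0[:PT_OFF]):
        findings.append("sector 62: MBR copy with different boot code")
    return findings

def driver_region(img: bytes, sectors: int = 1149):
    """Approximate LBA range to inspect: the tail of the active partition."""
    active = [p for p in (partitions(sector(img, 0)) or []) if p["active"]]
    if not active:
        return None
    end = active[0]["start"] + active[0]["count"]
    return (end - sectors, end - 1)

def sample_image(relocated: bool) -> bytes:
    """Constructed 63-sector image; filler bytes only, no real boot code."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 63, 204800)
    table = entry + b"\0" * 48 + b"\x55\xaa"
    img = bytearray(63 * SECTOR)
    img[0:SECTOR] = (b"\xAA" if relocated else b"\x11") * PT_OFF + table
    if relocated:  # sectors 60-61 filled, sector 62 holds the "original" MBR
        img[60 * SECTOR:] = b"\xCC" * (2 * SECTOR) + b"\x11" * PT_OFF + table
    return bytes(img)
```

Non-empty sectors 60 and 61 are not conclusive on their own, because boot loaders such as GRUB also embed code in the sectors between the MBR and the first partition; the sector 62 match is the stronger signal.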

  • 5 Comments »

    1. This Mebroot does a pretty cute thing. Me likes it :D

      Comment by Hacky Maximus — January 14, 2008 @ 8:06 pm

    2. Is this Global\7BC8413E-DEF5-4BF6-9530-9EAD7F45338B in /etc/conf.d or in /var/spool? Because I don't get it :D

      Comment by Licaon — January 14, 2008 @ 8:08 pm

    3. Trojan…Troian…Traian… all of them viruses, right?

      Comment by Eugen — January 14, 2008 @ 11:42 pm

    4. logically, no…

      dd if=/dev/zero of=/dev/sda bs=512 count=1 => no boot loader.

      wouldn't the logical thing be to not run windows? :)

      Comment by nu conteaza — January 15, 2008 @ 12:38 pm

    5. Ooh, nu conteaza is alive :)

      Comment by Alex — January 15, 2008 @ 7:00 pm
