Popureb - a small rootkit with a big reputation

Discussion in 'Spyware' started by ~BD~, Jul 7, 2011.

  1. ~BD~

    ~BD~ Guest

    From Sophos
    ***********
    by Chester Wisniewski on July 6, 2011

    There has been a lot of discussion in recent weeks about some new
    variants of the Popureb rootkit that clobber your Master Boot Record (MBR).

    Initial reports from Microsoft even suggested the only way to recover
    was to reinstall Windows, which fortunately is not true.

    SophosLabs Threat Researchers Mike Wood, Michele Freschi and Ahmed Zaki
    have published a technical paper that looks at the inner workings of
    Popureb.

    In the paper they explain the four major components of the malware,
    including the methods used by the rootkit and driver used to protect it.

    To get all the details on Popureb and how to safely clean up infected
    computers, download "Popureb - a small rootkit with a big reputation."

    And be sure to read Paul Ducklin's recent article on rootkits in general
    to remind yourself that no malware - not even a rootkit - is
    "indestructible", whatever you may have seen lately in the media on this
    tricky subject.

    This malware has been characterized as something that is panic-worthy.
    While multi-component malware, rootkits and encryption are certainly
    challenging to deal with, there is no reason to panic.

    http://nakedsecurity.sophos.com/2011/07/06/popureb-a-small-rootkit-with-a-big-reputation/

    HTH

    Dave
     
    ~BD~, Jul 7, 2011
    #1

  2. Mike Easter

    Mike Easter Guest

    That is an article about an article.

    The article it is about is much more interesting than the article about
    the article.

    The actual article that it is about is a .pdf accessible from this
    Sophos page^1.

    ^1 Previewable goo.gl http://goo.gl/t60rD+ - it is technically inferior
    to other MBR-based rootkits

    From the .pdf: With such gaping holes in the stealthing mechanisms
    employed, it is almost contradictory to refer to Popureb as a rootkit
    (as stealthing, or hiding the presence of the infection, is a primary
    requirement to be a rootkit).
     
    Mike Easter, Jul 7, 2011
    #2