Sunday

Sinowal, Bootsector malware is back in fashion



Or should I ask, was it ever really out of fashion? Using the Master Boot Record (MBR) as an Auto-Start Entry Point (ASEP) is still a very effective and deceptive way to get control before security measures and software have even started: code in the MBR runs before the operating system is loaded, so anything that starts later, the anti-virus included, is already running on top of it. The first time I heard of the Sinowal bootsector Trojan was during the incident in Belgium where it was revealed that some Belgians had fallen victim to a banking Trojan (see: Newsflash: Russian maffia cracks three Belgian Banks).
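
As an added example (not from the original post and not from Krebs's article): the simplest way to notice that something has taken up residence in the MBR as an ASEP is to parse sector 0 and compare its 446-byte boot-code region against a trusted copy, while checking that the partition table is untouched, which is exactly what a bootkit wants, since the machine must still boot. The two MBR images below are constructed for illustration; `read_mbr_from_device` shows the raw-device path you would read on a real machine but is not called here.

```python
"""Parse a 512-byte MBR and flag boot-code tampering against a known-good baseline.
Added example; the sample MBRs are constructed, not captured from an infected host."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0-445: the boot code a bootkit overwrites
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot-code hash, partition-table hash and decoded entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(
            mbr[PART_TABLE_OFF:SIGNATURE_OFF]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline: bytes) -> list:
    """Compare a live MBR to a trusted baseline copy; return a list of findings."""
    live, good = parse_mbr(mbr), parse_mbr(baseline)
    findings = []
    if live["boot_code_sha256"] != good["boot_code_sha256"]:
        findings.append("boot code differs from baseline (possible bootkit ASEP)")
    if live["partition_table_sha256"] != good["partition_table_sha256"]:
        findings.append("partition table differs from baseline")
    active = [p for p in live["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in live["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid partition status byte 0x{p['status']:02x}")
    return findings


def read_mbr_from_device(path: str) -> bytes:
    """Read sector 0 from a raw device (needs root/admin), e.g. /dev/sda on Linux
    or \\\\.\\PhysicalDrive0 on Windows. Not called in this offline example."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given boot code, one active NTFS-type partition, valid signature."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # status=0x80 (active), CHS fields zeroed, type=0x07, LBA start 2048, 409600 sectors
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 409600)
    table = entry + b"\x00" * 48          # remaining three entries empty
    return boot + table + b"\x55\xaa"


# Constructed images: a "clean" baseline and one whose boot code was replaced
# while the partition table was left intact, the shape of an MBR-resident ASEP.
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"clean boot code")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x1e\x90" + b"hooked loader, jumps to hidden sectors")

if __name__ == "__main__":
    print("baseline vs itself:", check_mbr(BASELINE_MBR, BASELINE_MBR))
    print("tampered vs baseline:", check_mbr(TAMPERED_MBR, BASELINE_MBR))
```

The baseline has to come from somewhere trustworthy: an image taken when the machine was built, or the MBR of a known-clean installation of the same boot loader, since the boot code is identical across machines using the same OS release. Read the sector from the raw device rather than through the file system, and preferably from an offline boot medium, because a bootkit that hooks the disk driver can hand back the original sector to anything reading it from inside the infected OS.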

Brian Krebs has just released a very interesting article on the two and a half years of successful use of this Trojan, and it seems we haven't seen the last of it.

On Oct. 21, a new Sinowal variant was submitted to Virustotal.com, which scans incoming files against nearly three dozen commercial anti-virus programs and maintains a historical record of those results. Only 10 out of 35 of those security programs - or 28.5 percent - identified it as such or even flagged it as suspicious. Another scan of a Sinowal variant sent to VirusTotal a week earlier yielded slightly better results, with just over half of the anti-virus tools detecting it as malicious.
Drive-by downloads and browser plugin vulnerabilities are still the main way this Trojan spreads. Read the full article for some interesting insights.

(Photo under creative commons from pixelroiber's photostream)

1 comment:

kurt wismer said...

yes, insertion into the mbr definitely did go out of fashion - for at least a decade, in part because mbr infectors were turning out to be nowhere near as successful as executable file infectors in spite of often being technically superior...