New rootkit hides in hard drive's boot record

Cloaking malware holes up where Windows can't find it, say researchers

"But once it's on your system, it becomes much more difficult to deal with," said Friedrichs. "Once it's tampered with the master boot record, the only way to remove it is to boot using the Windows installation disk and run the Windows Recovery Console."

From the recovery console, advised Elia Florio, another Symantec researcher, users can run the "fixmbr" command to remove the rootkit. "To help prevent similar attacks in the future, and if your system BIOS includes the Master Boot Record write-protection feature, now is a good time to enable it," Florio recommended in a post to the Symantec security response team's blog on Tuesday.

Stories by Gregg Keizer
