New rootkit hides in hard drive's boot record

Cloaking malware holes up where Windows can't find it, say researchers

"But once it's on your system, it becomes much more difficult to deal with," said Friedrichs. "Once it's tampered with the master boot record, the only way to remove it is to boot using the Windows installation disk and run the Windows Recovery Console."

From the recovery console, advised Elia Florio, another Symantec researcher, users can run the "fixmbr" command to remove the rootkit. "To help prevent similar attacks in the future, and if your system BIOS includes the Master Boot Record write-protection feature, now is a good time to enable it," Florio recommended in a post to the Symantec security response team's blog on Tuesday.
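A defender's check that follows from the advice above, as an added example that is not from the article or from Symantec: it compares the boot code in a captured copy of sector 0 against a known-good hash recorded earlier and lists the partition entries. The function names, the baseline and the sample sectors are constructed for illustration, and it assumes the sector was read from outside the running Windows installation.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0..439: bootstrap code (disk signature follows)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the bootstrap code, so partition-table edits do not change it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Return (index, bootable, type, first_lba, sector_count) for used entries."""
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0:
            entries.append((i, status == 0x80, ptype, first_lba, count))
    return entries


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Compare a captured sector 0 against a known-good boot-code hash."""
    digest = boot_code_sha256(sector)  # also validates the length
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def constructed_sector(boot_code: bytes) -> bytes:
    """Build a sample sector (constructed test data, not a real MBR)."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    body = boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + entry
    return body.ljust(510, b"\x00") + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = constructed_sector(b"\xfa" + b"\x90" * 32)
    altered = constructed_sector(b"\xfa" + b"\xcc" * 32)
    baseline = boot_code_sha256(clean)
    print(check_mbr(clean, baseline), check_mbr(altered, baseline))
```

The baseline hash has to be recorded while the machine is known to be clean, for example immediately after running "fixmbr".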


Stories by Gregg Keizer
