Mebroot - New variant uses TDSS-like installation approach

Posted Sunday, May 30, 2010 6:38 AM by hwaldron

Rootkits are highly stealthy and difficult for AV products to detect. TDSS is one of the most advanced Windows rootkits in circulation and is hard to clean (a rebuild is usually recommended). The latest Mebroot variant uses an installation process similar to that of TDSS. Malware authors often reuse techniques from other advanced malware that have proven successful when they build new variants.

Mebroot Variant Behaves Like TDSS
http://blog.trendmicro.com/mebroot-variant-behaves-like-tdss/
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MEBROOT.SMC

QUOTE: The TDSS malware family in itself is already a big threat to users. Known for its rootkit capabilities, TDSS constantly evolves to include more sophisticated means in order to hide its presence in an affected system. The Mebroot malware family, on the other hand, is noted for inflicting master boot record (MBR) infections.  The move to acquire other malware shows that Mebroot variants are becoming more creative in crafting techniques to infect users’ systems and to hide their routines. As such, it is possible for new variants and other malware families to team up in the future.

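One practical check that follows from the MBR-infection point above: read sector 0 of the disk and compare its 446-byte boot-code region against a known-good hash, leaving the partition table out of the comparison since that can change legitimately. This is an added illustration, not code from the post or from Trend Micro. The sample sectors are constructed here, the baseline hash is assumed to come from a trusted image, and reading the physical sector (for example from `\\.\PhysicalDrive0` on Windows) is left to the caller. One caveat a practitioner should keep in mind: an active bootkit can filter disk reads and hand user-mode tools the original, clean sector, so the comparison is only trustworthy when run from a clean boot environment or against a disk mounted offline.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # bytes 0..445: boot code (the region a bootkit replaces)
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four partition entries of a 512-byte MBR."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table is excluded on purpose."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare a raw sector 0 against a known-good boot-code hash and sanity-check its layout."""
    if len(mbr) != MBR_SIZE:
        return {"ok": False, "findings": [f"unexpected sector length {len(mbr)}"], "partitions": []}
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline")
    partitions = parse_partition_table(mbr)
    if sum(1 for p in partitions if p["bootable"]) > 1:
        findings.append("more than one active partition")
    return {"ok": not findings, "findings": findings, "partitions": partitions}


# --- constructed sample sectors (not captured from a real disk) ---

def _partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are zeroed; modern boot code relies on the LBA values
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


def build_clean_mbr() -> bytes:
    """Stand-in for a known-good MBR: placeholder boot code plus one active NTFS partition."""
    boot_code = (b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * BOOT_CODE_SIZE)[:BOOT_CODE_SIZE]
    table = _partition_entry(0x80, 0x07, 2048, 204800) + _partition_entry(0, 0, 0, 0) * 3
    return boot_code + table + BOOT_SIGNATURE


def build_infected_mbr() -> bytes:
    """Same sector with the boot code swapped out; partition table and signature left intact,
    which is the pattern that keeps an infected machine booting normally."""
    clean = build_clean_mbr()
    hijacked_boot_code = (b"\xeb\x1b\x90" + b"\xcc" * BOOT_CODE_SIZE)[:BOOT_CODE_SIZE]
    return hijacked_boot_code + clean[BOOT_CODE_SIZE:]


# Assumption: in real use this hash is recorded from a trusted image of the same boot code.
CLEAN_BASELINE = boot_code_hash(build_clean_mbr())


if __name__ == "__main__":
    for name, sector in (("clean", build_clean_mbr()), ("infected", build_infected_mbr())):
        result = check_mbr(sector, CLEAN_BASELINE)
        print(name, "OK" if result["ok"] else "SUSPECT", result["findings"])
```

Hashing only the boot-code region is deliberate: partitioning tools rewrite bytes 446..511, so a whole-sector hash would raise false alarms, while a bootkit that wants the system to keep booting leaves exactly that region alone and replaces the code in front of it.
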
Additional links related to TDSS include:

Trend: TDSS Research Report
http://threatinfo.trendmicro.com/vinfo/articles/securityarticles.asp?xmlfile=111209-TDSS.xml

Users infected with TDSS experienced BSOD issues after installing the MS10-015 update in February 2010
http://blog.trendmicro.com/windows-update-triggers-bsod-errors/
http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx
