ComGuard FZ-LLC announced,Kaspersky Lab implements detection and treatment for unique MBR rootkit

May 2012

Kaspersky Lab, a leading developer of secure content management solutions, has implemented detection and treatment for a new variant of a unique MBR rootkit.

FOR IMMEDIATE RELEASE

Attachment

PRLog (Press Release) - May 21, 2009 -
Kaspersky Lab, a leading developer of secure content management solutions, has implemented detection and treatment for a new variant of a unique MBR rootkit.

The new variant of Sinowal, a malicious program that is capable of hiding its presence in the system by infecting the Master Boot Record (MBR) on the hard drive, was detected by the company's experts at the end of March 2009.

Throughout 2008, Kaspersky Lab's analysts provided detailed reports about other variants of this rootkit: in the first quarterly report on malware evolution (www.viruslist.com/en/analysis?pubid=204792002) and in the article "Bootkit: the challenge of 2008". However, the new variant has come as a surprise for researchers. Unlike earlier versions, the new modification, Backdoor.Win32.Sinowal, penetrates much deeper into the system to avoid being detected. The stealth method used in this variant hooks device objects at the operating system's lowest level. This is the first time cybercriminals have used such sophisticated technologies. This explains why no antivirus products could treat computers infected with the new Sinowal modification or even detect it when it first appeared. Once the bootkit penetrates the system, it conceals the payload's activities, which are designed to steal user data and various account details.

According to Kaspersky Lab's experts, over the last month the bootkit has been actively spreading from a number of malicious sites that exploit Neosploit vulnerabilities. In particular, it can penetrate a system via a vulnerability in Adobe Acrobat Reader that allows a malicious PDF file to be downloaded without the user's knowledge.

Implementing detection and treatment for the bootkit, which is still spreading throughout the Internet, is the most difficult task that antivirus specialists have faced for a number of years. Kaspersky Lab was one of the first major antivirus vendors to incorporate both detection and successful treatment for the new Sinowal modification in its personal antivirus solutions.

To check whether the bootkit has infected a computer, users must update their antivirus databases and perform a complete system scan. If the bootkit is detected, the computer will need to be rebooted during the treatment process.

Kaspersky Lab specialists also recommend users to install all the necessary patches to close vulnerabilities in Acrobat Reader and any browsers that they use.

Photo:
http://www.prlog.org/10241064/1

# # #

ComGuard FZ LLC was founded in 2002 and is headquartered at Dubai Internet City in the United Arab Emirates. We are one of the leading value added distributors of IT security products in the Middle East and North Africa.

In March 2007, Spectrum FZ LLC took over the management of ComGuard. This enables us to seek technological and back office support from Spectrum Group, and also access to an extensive customer base across 23 countries in the region.

We have emerged with a fresh strategy to offer more value to our distribution services . High on our agenda has been our focus on extending our channel reach and disseminating product knowledge to our partners..
For more information please visit www.comguard.net

--- end ---

Contact Email	:	***@comguard.net
Source	:	Marketing communication Dept
Phone	:	+971 4 391 6400
Fax	:	+971 4 391 6867
Address	:	Office 312, Building 12, Dubai Internet City
Zip	:	500182
State/Province	:	Dubai
Country	:	United Arab Emirates
Industry	:	Security, It security
Tags	:	IT, security, mbr rootkit, secure content solutions, kaspersky lab, comguard, middle east, uae
Last Updated	:	May 21, 2009
Shortcut	:	http://prlog.org/10241064