GLENDALE, Calif., Jan. 10 /PRNewswire/ -- PandaLabs, Panda Security's malware analysis and detection laboratory, has detected the appearance of Trojans that include rootkits (MBRtool.A, MBRtool.B, MBRtool.C, etc.) designed to replace the master boot record (MBR), the first or zero sector of the hard disk, with one of their own. A rootkit is a program designed to take fundamental control of a computer system without authorization by the system's owners and legitimate managers. This new form of attack is a revolutionary use of rootkits, making it even more difficult to detect the associated malicious code.

"This system of attack makes it practically impossible to detect the rootkits and the malicious code they hide once they are installed on a computer," said Luis Corrons, technical director of PandaLabs. "The only feasible defense is to detect these rootkits before they enter the computer. In anticipation of other similar malicious code that may appear, it is essential to use proactive technologies that can detect threats without having previously identified them."

The aim of rootkits when employed by cyber-crooks is to hide the action of malware, making it more difficult to detect. Until now, rootkits were installed in system processes, but the new strains detected by PandaLabs are installed on a part of the hard disk that runs even before the operating system starts up.

When one of these new rootkits is run on a system, it makes a copy of the existing MBR and modifies the original with malicious instructions. If there is then an attempt to access the MBR, the rootkit redirects it to the copy of the genuine one, preventing users or applications from finding anything suspicious. Because of these modifications, when a user starts up the computer, the manipulated MBR runs before the operating system is loaded. At that moment, the rootkit runs the rest of its code, thereby completely hiding itself and any associated malicious code.
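A check for the read redirection described above, as an added example that is not part of the original release or of Panda's tooling: it parses two 512-byte captures of sector 0, one read from the running system and one read from a trusted boot medium, and reports where they disagree. The function names and the sample sectors are constructed for illustration, and capturing the sectors is assumed to be done separately.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446   # bytes 0-445: boot code area of a classic MBR
PART_TABLE_OFF = 446  # four 16-byte partition entries, then 0x55 0xAA at 510

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, partition table and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"index": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }

def compare_views(live: bytes, offline: bytes) -> list:
    """Compare sector 0 as seen by the running OS with the same sector read offline."""
    a, b = parse_mbr(live), parse_mbr(offline)
    findings = []
    if not b["signature_ok"]:
        findings.append("offline MBR lacks the 0x55AA boot signature")
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs between live and offline reads")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs between live and offline reads")
    return findings

def _make_sector(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + b"\x55\xaa"

# Constructed data: the live read returns the saved original, the offline read the real sector.
CLEAN = _make_sector(b"constructed-original-loader")
TAMPERED = _make_sector(b"constructed-modified-loader")

if __name__ == "__main__":
    print(compare_views(CLEAN, TAMPERED))
```

A mismatch in the boot code between the two reads is the signal of interest: on an unaffected disk both captures are byte-identical.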
Until now, rootkits were used to hide extensions or processes, but these new examples can trick systems directly. Their location means that users won't notice any anomaly in any system processes, as the rootkit loaded in memory will be monitoring all access to the disk to make any of its associated malware invisible to the system.

Users should take precautions against this new type of threat and not run any file from unknown sources. To remove the malicious code, infected users should start up their computers using a boot CD so as not to run the MBR. Then, they would have to restore the MBR using a utility like fixmbr in the Windows recovery console, if Windows is the operating system installed.

"These rootkits can also affect other platforms, such as Linux, as their action is independent of the operating system installed on the computer," added Corrons.

About PandaLabs

Since 1990, PandaLabs' mission has been to analyze new threats as rapidly as possible to keep its clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent(R) Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users. More information is available in the PandaLabs blog (http://www.pandalabs.com).

About Panda Security

Panda Security is one of the world's leading IT security providers, with millions of clients across more than 200 countries and products available in 23 languages. Its mission is to develop and provide global solutions to keep clients' IT resources free from the damage inflicted by viruses and other computer threats, at the lowest possible total cost of ownership.

Panda Security proposes a new security model, designed to offer a robust solution to the latest cyber-crime techniques. This is manifest in the performance of the company's technology and products, with detection ratios well above average market standards and, most importantly, providing greater security for its clients. For more information and evaluation versions of all Panda Security solutions, visit our website at: http://www.pandasecurity.com.
SOURCE Panda Security