Kaspersky Lab publishes the analytical article "Bootkit2009"

Kaspersky Lab, a leading provider of information technology solutions, has published an article entitled "Bootkit2009". The article, written by Sergey Golovanov, senior analyst at Kaspersky Lab, and Vyacheslav Rusakov, senior malware analyst at Kaspersky Lab, is devoted to the latest version of one of the most dangerous malicious programs, Backdoor.Win32.Sinowal.

The new version of the bootkit was discovered at the end of March. It spreads through web sites offering pirated software downloads and pornographic content. Almost all of the infected sites contain a link to a Russian server. This structure for spreading malicious programs is euphemistically called a "partner program" in the industry: a relationship between web site owners and the authors of the malicious code.

The way the names of the sites delivering the exploits are generated is also considered a relatively new technique; it makes blacklisting the attacking web sites almost useless as a means of blocking access to them.

As before, the bootkit infects the MBR and loads its own driver before the operating system has started. Unlike earlier versions, this version of the rootkit uses more advanced techniques to hide itself: its driver code has changed significantly, and it installs system hooks on most key operating system functions, or acts as the hook function itself, which makes analysis of the malicious code a complex undertaking.
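Since the bootkit has to overwrite the boot code in the MBR, one basic defensive check is to parse the first sector of the disk and compare its boot code against a digest recorded from a clean system. The example below is added here and is not code from the Kaspersky article; it assumes a raw 512-byte MBR read from an offline disk image, and the sample sectors and the "clean" baseline digest are constructed for illustration.

```python
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: the boot code a bootkit overwrites
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code, four partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_SIZE + 16 * i : BOOT_CODE_SIZE + 16 * (i + 1)]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                           "lba_start": lba_start, "sectors": sector_count})
    return {"boot_code": sector[:BOOT_CODE_SIZE], "partitions": partitions,
            "signature": sector[510:512]}


def check_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["signature"] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in mbr["partitions"]) > 1:
        findings.append("more than one partition is flagged bootable")
    # Key check: a bootkit must rewrite the boot code, so compare it with a
    # SHA-256 digest recorded while the system was known to be clean.
    digest = hashlib.sha256(mbr["boot_code"]).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("boot code differs from recorded clean baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    # Constructed sample: given boot code, one bootable NTFS partition at LBA 2048.
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 409600)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")  # constructed "known clean" stub
CLEAN_BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_SIZE]).hexdigest()
ALTERED_MBR = build_sample_mbr(b"\xeb\xfe")            # constructed: boot code replaced
```

Because the article notes that the driver hooks key system functions, a sector read from inside the running, infected system may be subverted; take both the baseline and the sector under test from an offline image or rescue media.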

A comparison based on monitoring data from other anti-virus companies' products shows that each time the malicious users changed the rules for generating domain names and the methods used by the bootkit, not all of those solutions were able to prevent the bootkit from penetrating the computer and to restore an infected system in the shortest possible time.

Kaspersky Lab provides users with comprehensive, reliable protection that stops the bootkit at every stage of its operation: when a user visits an infected web site, Kaspersky Internet Security 2009 blocks the site's exploits, the script-based and downloader exploits being the most dangerous.

The newly discovered variant of the bootkit shows that existing anti-virus technologies need to be improved in order to effectively combat threats that not only attempt to infect computers but also operate at a high level of complexity within the operating system.