MBR rootkit – here are some references
Prevx Blog has a good writeup located at prevx.com/blog/75/Master-Boot-Record-Rootkit…
SANS Internet Storm Center has released an interesting timeline story – link here.
From the post, based on Verisign iDefense data:
- Oct. 30, 2007 – Original version of MBR rootkit written and tested by attackers
- Dec. 12, 2007 – First known attacks installing MBR code; about 1,800 users infected in four days.
McAfee detects the Trojan as StealthMBR (DAT 5204 or above) and Symantec as Trojan.Mebroot. Sophos, in turn, uses the name Troj/Mbroot-A. Names such as Trojan.Win32.Agent.dsj and TROJ_AGENT.APA have been assigned as well.