From Sophos
***********
by Chester Wisniewski on July 6, 2011
There has been a lot of discussion in recent weeks about some new
variants of the Popureb rootkit that clobber your Master Boot Record (MBR).
Initial reports from Microsoft even suggested the only way to recover
was to reinstall Windows, which fortunately is not true.
SophosLabs Threat Researchers Mike Wood, Michele Freschi and Ahmed Zaki
have published a technical paper that looks at the inner workings of
Popureb.
In the paper they explain the four major components of the malware,
including the methods used by the rootkit and driver used to protect it.
To get all the details on Popureb and how to safely clean up infected
computers, download "Popureb - a small rootkit with a big reputation."
And be sure to read Paul Ducklin's recent article on rootkits in general
to remind yourself that no malware - not even a rootkit - is
"indestructible", whatever you may have seen lately in the media on this
tricky subject.
This malware has been characterized as something that is panic-worthy.
While multi-component malware, rootkits and encryption are certainly
challenging to deal with, there is no reason to panic.
http://nakedsecurity.sophos.com/2011...ig-reputation/
HTH
Dave

