
Kaspersky Lab finds cure for Sinowal

DQC Bureau

New Delhi: Kaspersky Lab has implemented detection and treatment for a new variant of a unique MBR rootkit.

The new variant of Sinowal, a malicious program that is capable of hiding its presence in the system by infecting the Master Boot Record (MBR) on the hard drive, was detected by the company's experts at the end of March 2009.

Throughout 2008, Kaspersky Lab's analysts provided detailed reports about other variants of this rootkit in the first quarterly report on malware evolution and in the article “Bootkit: the challenge of 2008”. However, the new variant has come as a surprise for researchers. Sinowal penetrates much deeper into the system to avoid being detected. The stealth method used in this variant hooks device objects at the operating system's lowest level.

According to Kaspersky Lab's experts, over the last month the bootkit has been actively spreading from a number of malicious sites that exploit Neosploit vulnerabilities. In particular, it can penetrate a system via a vulnerability in Adobe Acrobat Reader that allows a malicious PDF file to be downloaded without the user's knowledge.

Kaspersky Lab was one of the first major anti-virus vendors to incorporate both detection and successful treatment for the new Sinowal modification in its personal anti-virus solutions. To check whether the bootkit has infected a computer, users must update their anti-virus databases and perform a complete system scan. If the bootkit is detected, the computer will need to be rebooted during the treatment process. Kaspersky Lab specialists also recommend that users install all the necessary patches to close vulnerabilities in Acrobat Reader and any browsers that they use.
