New Malware Hides In The Boot Sector

Popureb Trojan

Microsoft is telling Windows users that if they get infected with a new rootkit that hides in the boot sector, they will have to re-install Windows.

A new variant of a Trojan Microsoft calls "Popureb" digs itself so deeply into the system that the only way to remove it is to return Windows to its "Out Of The Box" configuration.

"If your system gets infected with this trojan, we advise you to fix the MBR (Master Boot Record) and then use a recovery CD to restore your system to a pre-infected state," said a Microsoft engineer with the Microsoft Malware Protection Center.

Malware like Popureb overwrites the hard drive's MBR, the first sector of the disk, where the code that helps your computer start up is stored. Because it hides here, the rootkit is effectively invisible to both Windows AND your security software.

According to the engineer, the rootkit detects write operations meant to fix the problem and swaps them out for read operations. To the user it looks as though the command fixed the problem, but it really has not.

Rootkits are often planted by attackers to hide follow-on malware, such as banking password-stealing Trojans. Rootkits have been around for a long time and are nothing new. They are usually hard to get rid of because of the way they hide themselves. This new one is that much more difficult to remove because it hides "outside" of the normal places where most security software can scan.

Following basic security rules, like not opening suspicious emails and not visiting sketchy websites that want you to download "special" software to watch a video, can lessen the likelihood that you will get infected. And if by chance you do get infected, your best bet is to power down your PC, remove it from the network and have it checked by a professional. Having a backup of your most important files will save time and resources and get you back up and running sooner.

If you have any system questions or concerns, call the CCS Retail Support Department at 800-672-4806 or email us.


