0 Members and 1 Guest are viewing this topic.
After a couple of months happy users’ running the TDSS remover, the Stoned Bootkit release reminded us of yet another popular and ever badly managed threat: MBR-infecting trojans, among which Sinowal (Mebroot) is the most known. So we decided to find out whether antivirus tools are ready to cope with new threats of the same kind.We carried out some simple tests. The results were surprising. It looks like many antivirus tools detect MBR trojans by signature, which means that a well-known trojan (say, a Mebroot specimen) can be easily made undetected by means of a trivial code modification. Check the next VB for a detailed write-up including test details.Detecting Mebroots by signature is stupid, since it is easy to detect and cure ANY MBR modification generically. So we made a simple tool capable of detecting and cleaning all kinds of MBR-infecting trojans, including Mebroots: Bootkit remover.
Page created in 0.05 seconds with 19 queries.