Elite
join:2002-10-03
Orange, CT
 ·Optimum Online
| Yeah sure.
The current GMER beta, at »www2.gmer.net/beta, can detect and remove all variants of MBRKit at the moment.
Prevx's "Prevx CSI" can at least detect, and I believe remove, all variants of MBRKit.
A number of other antirootkit tools and AVs have varying levels of detection and removal, depending on variants.
--
QUAD!!!! |
mysec
Premium
join:2005-11-29
4 edits | said by Elite  :A number of other antirootkit tools and AVs have varying levels of detection and removal, depending on variants.
Also, easy to prevent from installing:
1) Patching
»www.updatexp.com/mebroot.html
Mebroot has been deliberately installed at websites controlled by the criminals and targets those website visitors who have not patched their computers with the latest security updates from Microsoft.
Mebroot Spreading through High-Traffic, Compromised Web Sites
»msmvps.com/blogs/donna/archive/2···tes.aspx
Today the Italian Web site emule-italia.it had been compromised and was hosting an obfuscated script. The script, when deobfuscated, was showing an iframe pointing to ... which was redirecting users to a server hosting the Neosploit tool. Neosploit is forcing vulnerable PCs to download and install the latest version of the infamous Trojan.Mebroot.
2) White List Protection for Zero-day exploits
Ongoing IFrame attack proving difficult to kill
http://arstechnica.com/news.ars/post/20080318-ongoing-iframe-attack-proving-difficult-to-kill.html
Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the 'Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that's used to embed HTML from another source into a webpage.
from 2006
___________________________________________________
___________________________________________________
___________________________________________________
----
rich |
