
Kaspersky Lab publishes the analytical article “Bootkit 2009”

9 June 2009

Kaspersky Lab publishes an analytical article about Backdoor.Win32.Sinowal crimeware

Kaspersky Lab presents “Bootkit 2009”, an analytical article devoted to a new modification of last year’s most dangerous malicious program, Backdoor.Win32.Sinowal. The article from Sergey Golovanov, senior malware analyst at Kaspersky Lab and Vyacheslav Rusakov, lead developer of the complex threat analysis group at Kaspersky Lab, is available at www.viruslist.com/en.

The new version of the bootkit, identified at the end of March 2009, is spread via compromised sites, porn resources and sites where pirated software can be downloaded. Almost all of the servers that take part in the infection process have a Russian-language connection: they operate within the framework of so-called partner programs, in which site owners work with the authors of the crimeware.

The bootkit, as before, infects the MBR in order to load its driver before the operating system starts. In comparison with previous variants, this version of the rootkit uses more advanced technology to hide its presence in the system. The driver code has also been significantly modified, and the majority of its key functions, including those that install hooks on operating system functions and the hook handlers themselves, have been morphed. This significantly complicates analysis of the malicious code.

The behaviour of this most recent modification of the bootkit demonstrates the need to improve current antivirus technologies, so that they not only combat attempts to infect computers effectively but also detect complex threats operating at the very deepest levels of the operating system.

The article is available at www.viruslist.com/en. Kaspersky Lab analysts provided details on previous versions of the bootkit last year in Malware Evolution: January – March 2008 and in an article entitled Bootkit: the challenge of 2008.

The article may be reproduced, provided the author, company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab press office.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
