Mebroot: an MBR-infecting rootkit and a fierce security threat

Time: 2022-02-17 07:07:08

MBR rootkit Mebroot: A tough threat to security

Author: Arun Radhakrishnan

Category: News, Security

Tags: Software, Malware, F-Secure Corp., Security Software, Rootkits, Security, Spyware, Adware & Malware, Arun Radhakrishnan

Translation: endurer, 2008-03-10, 1st edition
English source: http://blogs.techrepublic.com.com/tech-news/?p=2099&tag=nl.e101

Security firm Finjan has raised a warning on the rootkit “Mebroot,” which it believes has entered the Release to Manufacturing (RTM) phase, a term used for software that has entered production. It’s extremely difficult for security software to detect this rootkit because it overwrites the master boot record (MBR) of the hard disk.

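《1. Finjan: headquartered in San Jose, California, USA, it is one of the leading companies in preventing malicious code intrusion and keeping systems secure. Its products include patented real-time behavior detection technology, which offers a new approach to fighting unknown worms, viruses, Trojan horses and all kinds of new malicious code.》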

An excerpt from InfoWorld:

Dubbed “Mebroot,” the rootkit infects the master boot record (MBR), the first sector of a PC’s hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software.

“You can’t execute any earlier than that,” said Mikko Hypponen, F-Secure’s chief research officer.

F-Secure goes on to mention that its security software could at best only guess whether a PC is infected by the Mebroot rootkit. However, booting from F-Secure’s software CD makes it possible to detect the malware, since then the security software gets the upper hand.

《1. since then: from that time onward》

What makes Mebroot a greater threat is that it injects itself into other system processes, and all it takes to infect a PC is a visit to a Web page with an unpatched Web browser. MBR-infecting rootkits of this type have been in the news for some time now, but the scale of infection is yet to be ascertained.

Crafting such targeted malware takes a high engineering effort and goes to show how lucrative the malware “business” is becoming. Malware represents a big threat to the shifting of software services online.

《1. engineering effort: engineering project》

Do you feel it’s high time that an industry framework was formulated to make security integral to the design of the Internet?

《1. high time: the time when something ought to be done》