Re: MBR Rootkit

[Larry Seltzer <larry () larryseltzer com>]

IIRC, the severity of that one was (imagine this!) exaggerated in the press.
It doesn't really force a reinstall.

On Sat, Aug 13, 2011 at 9:37 PM, Daniel Otis <dso () moosoft com> wrote:

> Sorry, I sent from the wrong address!
>
> Forgive me for not being clear.  I meant the latest one in the news:
>
> http://www.itbusinessedge.com/cm/community/news/sec/blog/new-rootkit-forces-windows-reinstall/?cs=47591
>
> Thanks!
>
> Daniel
>
> On 8/13/2011 6:58 PM, Valdis.Kletnieks () vt edu wrote:
> > On Sat, 13 Aug 2011 13:08:59 MDT, Daniel Otis said:
> > > Does anyone have a sample of the latest MBR Rootkit?  I need one to
> > > experiment on, thanks!
> > *the* latest?  Try 'git clone git://github.org/mbr' or similar? ;)
> >
> > (And here I thought there were multiple *families* of MBR rootkits out
> there,
> > each with multiple instances?  Are you looking for a *specific* one, and
> are
> > criteria like "new variants from under 24 hours ago" meaningful for your
> > experimentation?  There's a few bazillion variants of malware out there,
> > the more specific you can be the better....
>
>
> --
> MooSoft Development LLC
> http://www.moosoft.com
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.