The Latest in IT Security

Posts Tagged ‘boot record’

The evolution of Ronvix: Private TCP/IP stacks

26
Jul
2013

We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack.  It seems this is becoming a new trend for this type of malware.The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes.It works like this: […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Read more ...

Olmasco bootkit: next circle of TDL4 evolution (or not?)

18
Oct
2012

ESET – Olmasco (also known as SST, MaxSS)  is a modification of the TDL4 bootkit family that we’ve been aware of since summer 2011. We started to track a new wave of activity from a new Olmasco dropper at the end of this summer. This bootkit family was the second to use VBR (Volume Boot […]

Category General Written by ESET ThreatBlog 0 Comments

Read more ...

Rovnix bootkit framework updated

14
Jul
2012

We have been tracking the activity of the Rovnix bootkit family since April 2011. Rovnix was the first bookit family to use VBR (Volume Boot Record) infection (NTFS bootstrap code) for loading unsigned kernel-mode drivers on x64 (64 bit) platforms. The reason for exploring further is the desire of the Rovnix developers to bypass antivirus […]

Category General Written by ESET ThreatBlog 0 Comments

Read more ...

« Older Entries

Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments