QUOTE
Notice
This is a Low-Profiled Threat Notice for StealthMBR
Justification
StealthMBR has been deemed Low-Profiled due to media attention at http://voices.washingtonpost.com/securityf...ets_500000.html.
StealthMBR is referred to as the "Sinowal" Trojan, in the voices.washingtonpost.com article.
Read About It
Information about StealthMBR is located on VIL at: http://vil.nai.com/vil/content/v_143908.htm
Detection
The 5415 DAT files released on Oct 24, 2008 provide coverage for this variant as PWS-JA in all products.
The rootkit behavior of this variant is detected as StealthMBR!rootkit since the 5330 DATs (July 2nd, 2008).
The 5423 DAT files releasing on Nov 3, 2008 will detect files relating to this variant as StealthMBR trojan.
This variant was first discovered on Oct 21, 2008.
To stay updated and protected download the latest dat files from http://www.mcafee.com/us/downloads/index.html
If you suspect you have StealthMBR, please submit a sample to http://www.webimmune.net
Risk Assessment Definition
For further information on the Risk Assessment and Avert Labs Recommended Actions please see: http://www.mcafee.com/us/threat_center/out...assessment.html
This is a Low-Profiled Threat Notice for StealthMBR
Justification
StealthMBR has been deemed Low-Profiled due to media attention at http://voices.washingtonpost.com/securityf...ets_500000.html.
StealthMBR is referred to as the "Sinowal" Trojan, in the voices.washingtonpost.com article.
Read About It
Information about StealthMBR is located on VIL at: http://vil.nai.com/vil/content/v_143908.htm
Detection
The 5415 DAT files released on Oct 24, 2008 provide coverage for this variant as PWS-JA in all products.
The rootkit behavior of this variant is detected as StealthMBR!rootkit since the 5330 DATs (July 2nd, 2008).
The 5423 DAT files releasing on Nov 3, 2008 will detect files relating to this variant as StealthMBR trojan.
This variant was first discovered on Oct 21, 2008.
To stay updated and protected download the latest dat files from http://www.mcafee.com/us/downloads/index.html
If you suspect you have StealthMBR, please submit a sample to http://www.webimmune.net
Risk Assessment Definition
For further information on the Risk Assessment and Avert Labs Recommended Actions please see: http://www.mcafee.com/us/threat_center/out...assessment.html