Popureb - a small rootkit with a big reputation

Filed Under: Featured, Malware, SophosLabs

Infected laptopThere has been a lot of discussion in recent weeks about some new variants of the Popureb rootkit that clobber your Master Boot Record (MBR).

Initial reports from Microsoft even suggested the only way to recover was to reinstall Windows, which fortunately is not true.

SophosLabs Threat Researchers Mike Wood, Michele Freschi and Ahmed Zaki have published a technical paper that looks at the inner workings of Popureb.

In the paper they explain the four major components of the malware, including the methods used by the rootkit and driver used to protect it.

To get all the details on Popureb and how to safely clean up infected computers, download "Popureb - a small rootkit with a big reputation."

And be sure to read Paul Ducklin's recent article on rootkits in general to remind yourself that no malware - not even a rootkit - is "indestructible", whatever you may have seen lately in the media on this tricky subject.

This malware has been characterized as something that is panic worthy. While multi-component malware, rootkits and encryption are certainly challenging to deal with there is no reason to panic.

, , , , , ,

You might like

2 Responses to Popureb - a small rootkit with a big reputation

  1. Pathman · 1555 days ago

    Thanks for a good dose of anti-scare med... ;)

  2. Adrienne Boswell · 1555 days ago

    Thanks for posting about this. I just made a copy of my MBR and put it in a safe place.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.