There has been a lot of discussion in recent weeks about some new variants of the Popureb rootkit that clobber your Master Boot Record (MBR).
Initial reports from Microsoft even suggested the only way to recover was to reinstall Windows, which fortunately is not true.
SophosLabs Threat Researchers Mike Wood, Michele Freschi and Ahmed Zaki have published a technical paper that looks at the inner workings of Popureb.
In the paper they explain the four major components of the malware, including the methods used by the rootkit and driver used to protect it.
To get all the details on Popureb and how to safely clean up infected computers, download “Popureb – a small rootkit with a big reputation.”
And be sure to read Paul Ducklin’s recent article on rootkits in general to remind yourself that no malware – not even a rootkit – is “indestructible”, whatever you may have seen lately in the media on this tricky subject.
This malware has been characterized as something that is panic worthy. While multi-component malware, rootkits and encryption are certainly challenging to deal with there is no reason to panic.Follow @chetwisniewski