Master Boot Record rootkit and Ponbon.im Virus

I have discussed rootkits before; they are essentially viruses that integrate themselves deep into the victim's operating system. The most famous incident was the Sony rootkit, which hid inside an unnamed service and evaded many antivirus detection systems. While the latest antivirus software is designed to detect these threats, it often misses them. The latest iteration is the Master Boot Record (MBR) virus. The master boot record is the first 512 bytes of any hard drive, and it holds information about the drive's partitions, such as how big the C: or D: drive is and where it is located on the disk. Essentially, this area is a crucial component of your computer. What makes an MBR virus especially stealthy is that this area of the drive is extremely low level, which makes it very difficult to scan and disinfect. Even if antivirus software attempts to clean the virus, it could damage the MBR, preventing Windows from booting and corrupting data.

In addition, the virus, Sinowal, doesn't exploit a Windows vulnerability but rather an Adobe Acrobat vulnerability. The problem is that users don't frequently patch Adobe Acrobat because of the time involved and because it isn't technically automated. This makes the virus more deadly, because it can be inserted into a corrupt PDF file rather than an exe, etc. Thankfully, there have been virus updates, and Kaspersky software can delete the virus.
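To make the MBR layout described above concrete, here is an added example that is not part of the original post: it parses a 512-byte MBR sector, lists the partitions, and hashes the bootstrap code area so it can be compared against a known-clean baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # bytes 0-445 hold boot code; the partition table follows
ENTRY_SIZE = 16               # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse a classic MBR sector into its partitions and a boot-code hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0:        # partition type 0 marks an unused slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "size_bytes": count * SECTOR_SIZE})
    # Hash everything before the partition table: this is the region an MBR
    # infection has to rewrite, so a changed hash is worth investigating.
    boot_hash = hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()
    return {"partitions": partitions, "boot_code_sha256": boot_hash}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code differs from the stored known-clean hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable type-0x07 partition of 204800 sectors."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    body = boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + b"\x00" * 48
    return body + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")          # constructed bytes
    baseline = parse_mbr(clean)["boot_code_sha256"]
    modified = build_sample_mbr(b"\xfa\x33\xc0\x90")   # one byte differs
    print(parse_mbr(clean)["partitions"])
    print("boot code changed:", boot_code_changed(modified, baseline))
```

Run it against the first 512 bytes of a disk image and record the hash while the machine is known to be clean; a later mismatch means the boot code was rewritten.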

Facebook has become one of the most popular websites on the internet. Many users also divulge a lot of information about themselves on Facebook. Unfortunately, many users believe that no one else can get control of their Facebook or instant messaging accounts. However, I have a significant amount of experience with instant message viruses and trojans. Frequently, I will get a message from a user that I think sent a message, but in fact a virus sent the message. These types of bogus messages contain a link like "Check this site out." Little do users know that these websites will contain a multitude of malware that will attempt to steal information, etc. Unfortunately, this type of attack has migrated to Facebook and is now affecting Facebook users. The virus will send your friends a link to ponbon.im, which will attempt to steal your login data, etc. Thankfully, most web browsers should catch this site as a phishing/malicious site. In addition, if you download AVG Free and the included AVG toolbar, you should have additional protection against this trojan.
- Read more about the ponbon virus and users' experiences here