
21 June 2010

E-threat can prevent OS from starting up

BitDefender has released signatures and a free removal tool to protect its customers against a new backdoor that overwrites the Master Boot Record of the local hard-disk drive, thus preventing Windows from starting up.

Identified by BitDefender as Backdoor.Yonsole, the e-threat was spotted on Saturday, June 19. It comes bundled with various applications, including what appears to be a "critical Microsoft® Windows® update". Preliminary analyses revealed the presence of two variants (A and B), which share the same functionality, but differ in the way they subvert Windows services.

After it has successfully infected the host system, the malware installs and registers a backdoor service that allows a remote attacker to pass commands, as well as to initiate a Remote Desktop session. Among the supported commands there is the overwriting of the Master Boot Record (MBR) area of the hard-disk, a behavior that is specific to the notorious worms in the Zimuse family.
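Because the damage described above is an overwritten MBR, the check a responder wants is a way to baseline the first sector of a disk and detect when its boot code, partition table or boot signature no longer match. The following Python script is an added example written for this article; it is not BitDefender's removal tool or any code from the original page. It parses a 512-byte MBR, hashes the boot code, and reports findings against a recorded baseline. All sector contents are constructed inline for demonstration, so it runs offline; on a real system you would read the first 512 bytes of the physical disk (or a forensic image) instead.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow the boot code


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, partition table and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector wiped or overwritten")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("boot code differs from the recorded baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition is marked bootable")
    if not any(p["sectors"] for p in info["partitions"]):
        findings.append("partition table is empty")
    return findings


def build_mbr(bootcode: bytes, lba_start: int, sectors: int) -> bytes:
    """Constructed MBR for demonstration: given boot code, one bootable NTFS-type
    entry (type 0x07), three empty entries and a valid boot signature."""
    code = bootcode.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                        lba_start, sectors)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed sample sectors (not taken from any real disk or from the malware).
GOOD_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x90" * 20, 2048, 204800)   # healthy baseline
GOOD_BASELINE = parse_mbr(GOOD_MBR)["bootcode_sha256"]               # record this in advance
WIPED_MBR = b"\x00" * MBR_SIZE                                       # whole sector zeroed
PATCHED_MBR = build_mbr(b"\xB8\x13\x00" + b"\xCC" * 20, 2048, 204800)  # boot code replaced


if __name__ == "__main__":
    for name, sector in (("good", GOOD_MBR), ("wiped", WIPED_MBR), ("patched", PATCHED_MBR)):
        findings = check_mbr(sector, GOOD_BASELINE)
        print(name, "->", findings or ["OK: matches baseline"])
```

The baseline hash should be taken while the system is known-good and stored off the host, since a machine whose MBR has already been overwritten cannot vouch for its own first sector. The partition-table checks catch a total wipe even when no baseline was recorded.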

Users suspecting that their systems have been compromised are strongly advised to run the removal tool available on Malware City. If the MBR hasn't been overwritten yet, the removal tool will clean the system and perform a reboot. BitDefender has updated its signatures to block and delete both variants of Backdoor.Yonsole as of Saturday, which leaves BitDefender customers unaffected by this e-threat.

For more information on Backdoor.Yonsole and for the free removal tool, please visit Malware City.
