New Backdoor Trojan Nukes Windows Boot Process

Microsoft's Chun Feng said Friday that a new piece of malware capable of nuking the Windows boot process has been discovered. Rather than loading up the operating system, users are greeted with a black screen displaying a single-line, ASCI-based banner.

"A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine," Feng said. "The modification to the MBR is like the old "Stoned" virus for DOS. However, in this case, the MBR does nothing but display a banner in the center of the screen and freeze the PC. We detect the new MBR as Trojan:DOS/Yonsole.A."

Yonsole can infect popular, mainstream versions of Windows platforms--XP, Vista, and Windows 7--by dropping a DLL into C:\Windows\System32. The trojan can also dump a DLL into C:\Winnt\System32 on machines running Windows 2000 and NT. Yonsole was actually discovered earlier this month, so most anti-virus programs--including Microsoft Security Essentials--should already provide protection.

Create a new thread in the UK News comments forum about this subject
This thread is closed for comments
9 comments
    Your comment
  • nesters
    Cool
    -2
  • damian86
    Get a grip
    0
  • damian86
    Rab1d-BDGRIn that case, we'd all better delete \System32\ just to be on the safe side. Scorched earth policy - nowhere to hide. ;-)
    -2