Media Release 30 - Online criminals release new MBR rootkit

MEDIA ALERT

Online Criminals Launch Dangerous New MBR Rootkit (Torpig) Variant - Globally Targeting Those With Lapsed Security

TrustDefender’s Inbuilt Kernel Forensics Engine detects dangerous new rootkit whilst many traditional anti-virus solutions fail to detect this new variant.

Sydney, Australia – Friday 18 July, 2008 – TrustDefender Labs today released findings from research into online criminals’ dangerous new MBR rootkit (Torpig) variant, which is designed to beat traditional anti-virus solutions at the PC and those security technologies deployed by enterprise corporations.

In January 2008, the TrustDefender Labs research team looked at how the TrustDefender Kernel Forensics Engine can detect the Silentbanker Trojan and the Master Boot Record (MBR) virus. However, yesterday online criminals stepped up the challenge by releasing a new, extremely dangerous MBR (Torpig) rootkit. TrustDefender Labs found that the Kernel Forensics Engine, developed as part of the TrustDefender software offering that is deployed by enterprises and consumers, was able to detect this dangerous crimeware, as it has with all MBR/Torpig variants. Alarmingly, however, TrustDefender Labs also found that this dangerous crimeware was not detected by most traditional anti-virus solutions on the market today.

Andreas Baumhof, who heads up TrustDefender Labs, said, “The interesting part is that at the time the virus was found, not a single Antivirus Engine was able to detect the MBR/Torpig-Dropper. When we checked it first, 2 out of 33 (6%) of the Antivirus Engines detected some suspicious behavior (see Attachment 1). The next day, only 11 out of 33 (33%) detected the threat with some of the big names still not protecting their customers like CA, McAfee, Sophos or Symantec (see Attachment 2).”

Mr Baumhof went on to say, “This variant of the MBR/Torpig trojan is installed as a drive-by download which is triggered by some highly obfuscated JavaScript code. So, innocent users won’t even notice any download or installation, especially if they haven’t kept their Windows up-to-date. Even for those who are up-to-date or if they have accidentally allowed the program to run, it’s game over.”

Attachment 1 - Virustotal result 

Attachment 2 - Virustotal result next day 

Attachment 3 - TrustDefender Kernel Forensics Dialog


About TrustDefender: TrustDefender is a worldwide leading provider of ‘On Demand Endpoint Security Solutions’ to safeguard online business transactions. With its Guaranteed Authentication Program (GAP) protection, TrustDefender is able to guarantee the authenticity of a website. The secure lockdown, safe & secure mode, two factor authentication and the TrustedSurfing database complete the holistic security solution.

TrustDefender employs an enhanced sophisticated ‘Rootkit’ detection technology and ‘Kernel Forensics Engine’ that will detect, isolate and secure the PC from highly sophisticated Trojans, viruses and other malicious software during online transactions.

The detailed forensics and intelligence of the TrustDefender system make it the only solution capable of truly ‘protecting’ consumers and banks, financial institutions, eGovernment and online merchants against the undetectable and harmful crimeware that is constantly appearing to threaten the online environment.

The secure policy engine allows online businesses to educate and enforce the compliance of a home user’s PC to their security policies. TrustDefender is the world’s first security solution which enables online businesses to integrate the home user’s PC into the overall security solution.

For more information visit: www.trustdefender.com.

For media information, contact:
Kerryn Nelson
Managing Director
Big Mouth Marketing Communications P/L
Ph: +61 3 9558 3122 / +61 417 035 536