Boot.Mebroot is a common detection method used to identify Master Boot Record that was infected by Trojan.Mebroot. Boot.Mebroot is a detected MBR or first sector of the hard drive that was contracted by rookit Trojan. This part of the drive is generally used for boot strapping operating system to load it after BIOS has done checking necessary hardware and software requirements. If MBR was infected with Boot.Mebroot , the whole operation can be controlled by the Trojan.
Damage Level: High
Systems Affected: Windows 9x, Windows 2000/Server, Windows XP, Windows Vista
A Trojan created specifically to intrude MBR of target computer is causing Boot.Mebroot infection. It modifies the MBR silently and creates a backdoor that aims to steal sensitive data from the infected computer. Remote attacker may also gather online banking records through the same backdoor channel. With the use of highly developed rootkit techniques, the entire operation of this Trojan will remain hidden to users and security programs as well.
Most common propagation of a Trojan that brings Boot.Mebroot is via drive-by-download method. Additionally, unsafe file-sharing networks and fake multimedia web sites are also seen as distribution outlet of this Trojan. It will specifically infect and change the Master Boot Record (MBR) for the main purpose of running malicious code when computer starts.