A new piece of malware is capable of killing the Windows boot process, according to Microsoft. Win32/Yonsole.A is a backdoor Trojan, a term for malicious code designed to compromise computers and then connect to a server controlled by the attacker in order to receive and execute various instructions. One of the functions of Yonsole is to stop Windows startup dead in its tracks. According to Microsoft’s Chun Feng, the malware is capable of doing this because it modifies the Master Boot Record of the infected computer.
“A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine. The modification to the MBR is like the old ‘Stoned’ virus for DOS. However, in this case, the MBR does nothing but display a banner in the center of the screen and freeze the PC,” Feng stated.
Although it was discovered in the first half of this month, all major antivirus makers offer protection against Yonsole, including Microsoft. PCs infected with this piece of malware are no longer under the control of the user. Instead, an attacker can tell the compromised machine to perform various tasks, as Yonsole is designed to phone home to a remote host for instructions.