According to Mircea Pavel, a researcher at security company BitDefender, a new piece of malicious software, Rootkit.MBR.Whistler.B, a variant of the Whistler bootkit that infects the MBR (master boot record), has recently been causing plenty of infections, Softpedia reported on November 9, 2011.
The malware keeps all of Whistler's data after the disk's final partition. If the unpartitioned space is not sufficient, the bootkit shrinks the final partition, ensuring that a minimum of 400 free sectors is created.
A prominent change in this edition is the total encryption of Whistler's data. In the bootkit's previous editions, only the malware along with the first MBR was encrypted, while several more components were left in the unpartitioned sectors as plaintext, so security software could detect the infection without difficulty. In the newer and more treacherous variants, the components are encrypted using the LBA of the final partition, where the components are located, as the key.
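
The layout described above (data parked in at least 400 unpartitioned sectors after the final partition, now fully encrypted) suggests a simple forensic check on a raw disk image: parse the MBR partition table, locate the first sector past the last partition, and measure the entropy of whatever sits there. The following is an added example, not code from BitDefender or Softpedia; the function names, the 512-byte sector size, the 7.0 bits-per-byte entropy threshold and the constructed sample image are assumptions.

```python
import math
import struct
from collections import Counter

SECTOR = 512  # assumption: 512-byte logical sectors

def last_partition_end(mbr: bytes) -> int:
    """Return the first LBA past the highest-ending MBR partition entry."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    end = 0
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = mbr[446 + 16 * i : 462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count:  # byte 4 is the partition type
            end = max(end, start + count)
    if end == 0:
        raise ValueError("no partitions defined")
    return end

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_tail(image: bytes, min_sectors: int = 400, threshold: float = 7.0) -> dict:
    """Describe the unpartitioned sectors that follow the final partition."""
    end = last_partition_end(image[:SECTOR])
    tail = image[end * SECTOR :]
    used = tail.rstrip(b"\x00")  # ignore zero padding after the last data byte
    sectors, h = len(tail) // SECTOR, entropy(used)
    return {
        "first_free_lba": end,
        "tail_sectors": sectors,
        "data_bytes": len(used),
        "entropy": round(h, 2),
        # 400 sectors is the minimum the article cites; threshold is an assumption
        "suspicious": sectors >= min_sectors and h >= threshold,
    }

def build_sample(payload: bytes, part_sectors: int = 2048, tail_sectors: int = 400) -> bytes:
    """Constructed image: MBR, one partition at LBA 1, then unpartitioned tail."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 1, part_sectors)
    mbr[510:512] = b"\x55\xaa"
    tail = payload.ljust(tail_sectors * SECTOR, b"\x00")
    return bytes(mbr) + bytes(part_sectors * SECTOR) + tail
```

Unpartitioned space at the end of a disk is common and normally zero-filled, so a `suspicious` result is a lead for further analysis rather than a verdict. Because the encrypted variant leaves no plaintext to match on, the check relies on high entropy in that region instead of signatures.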