Back in January 2008, we looked at how the TrustDefender Kernel Forensics Engine can detect the Silentbanker Trojan and the Master Boot Record (MBR) virus.
Since then, many new variants of the same rootkits have been released, and we thought we would take a more detailed look at a new variant of the MBR Rootkit (Torpig).
Alarmingly, we found that the wider range of Antivirus products does not pick up this variant (and possibly earlier ones either) more or less at all (!)
Almost not a single Antivirus Engine detected the MBR/Torpig dropper when we got a sample. When we first checked it, 2 out of 33 (6%) of the Antivirus Engines detected some suspicious behavior (see Attachment 1).
The next day, only 11 out of 33 (33%) detected the threat, with some of the big names, like CA, McAfee, Sophos or Symantec, still not protecting their customers (see Attachment 2).