Mebroot proves to be a tough rootkit to crack

A rootkit uncovered in the wild in December is proving to be a real headache to detect, according to Finnish security company F-Secure.

Dubbed "Mebroot," the rootkit infects the master boot record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software.

"You can't execute any earlier than that," F-Secure's chief research officer, Mikko Hypponen, said.

A rootkit is a malicious program that hides deep in a computer's operating system and can be difficult to remove.

Since December, Hypponen said they've seen alpha and beta versions of the Mebroot rootkit but believe it has now been RTMed, the term usually used for a legitimate piece of software that's entered production after testing.