Pitou Description

Pitou is a bootkit, which seems to be a boosted version of an older threat. It is likely that the authors of the Pitou bootkit got inspired by the Srzizbi rootkit and used its code to build their creation. The creators of the Pitou bootkit have introduced some big improvements to this threat. The Pitou malware gets planted in the MBR (Master Boot Record) of the hard drive and thus becomes very difficult to spot and can remain undetected by anti-malware software for a long time.


The Pitou bootkit gains persistence that does not depend on software or operating system settings - the malevolent program may persist even if Windows is reinstalled. The classic rootkit relies on emulating a system driver that will give the malevolent program administrative rights on the compromised host, as well as persistence that does not rely on Registry modifications. The bootkit, on the other hand, is a more advanced project that gets the same result by adding itself to the Master Boot Record of the compromised device's hard drive. Another self-preservation feature of the Pitou bootkit is its ability to detect whether it is being run in a sandbox environment. It does this by browsing through the processes, which are running, the Registry and the fingerprint of the system. If any the system info has traces of popular machine emulation software such as VirtualBox, Bochs, Innotek or others, the Pitou bootkit will halt the attack.

The Goal of the Attack

When the Pitou bootkit infects a computer, it will connect to the attackers’ remote server. Then, the threat will be sent email bodies, addresses, and mail servers, which the Pitou bootkit is meant to use in the attack. Then, the victim’s PC will be used for a mass spam email campaign, often promoting drugs like Cialis or Viagra.

This is a very high-end malware, which operates very quietly. Make sure you have installed a reputable anti-malware application, which will keep your PC safe from threats like the Pitou bootkit.