Return of the MBR infector

A long-forgotten infection technique makes a comeback in the shape of a new, hard-to-detect Trojan horse targeting the basic structure of the hard drive itself.

Master Boot Record (MBR) infection was quite popular a couple of decades ago. The technique consists of placing a piece of malicious code in the very first sectors of the hard drive. In such a strategic spot, the code executes well before any operating system, let alone any antivirus running within the OS. It can thus have full control over the system and stay undetected more easily.

By the mid-1990s this technique had been phased out in favor of easier infection methods such as VBA Office documents or Visual Basic mass-mailer worms. It now makes a comeback with the Mebroot Trojan horse, which is being actively distributed at this time through infected websites.

Like any Trojan horse, Mebroot can't infect a system on its own. It relies on a number of browser-side exploits to actually run code on vulnerable PCs. The best defense at this time is therefore to make sure browsers are up to date with security patches and protected by anti-exploitation techniques (sandboxing, for example).

Once on a system, Mebroot is very hard to detect, thanks to its MBR infection approach. Most current antivirus products long ago stopped worrying about MBR infection. Once installed, the Trojan horse downloads additional adware and spyware onto the system. Those will of course be easier to detect, but nothing prevents Mebroot from downloading more of them while it owns the system.

According to Verisign's iDefense and Symantec, at least 5000 systems have been infected at this time. The infection rate might start to slow down now that media attention and AV experts' interest are high and antivirus vendors are updating their products to deal with the threat.
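As an added illustration (not part of the original article), the Python example below parses a 512-byte MBR image and compares its boot-code hash with a known-good baseline, the kind of integrity check that notices a changed boot sector. The sample sectors are constructed, the function names are hypothetical, and the image is assumed to have been read offline from trusted boot media, since code in the MBR runs before the operating system.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the optional disk signature
TABLE_OFF = 446       # four 16-byte partition entries
SIG_OFF = 510         # boot signature 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": entry[0], "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a sector compared with a known-good boot-code hash."""
    info = parse_mbr(sector)
    findings = []
    if info["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def build_sector(code: bytes) -> bytes:
    """Constructed sample: given boot code plus one active NTFS-type partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 204800)
    body = code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"

CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0")     # constructed bytes, not a real loader
MODIFIED = build_sector(b"\xeb\x3c\x90\x90\x90")  # same table, different code bytes
BASELINE = parse_mbr(CLEAN)["code_sha256"]

if __name__ == "__main__":
    print(check_mbr(CLEAN, BASELINE), check_mbr(MODIFIED, BASELINE))
```

The baseline hash has to be recorded per machine while the disk is known to be clean, because legitimate boot loaders differ between operating systems and versions.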
