Mebroot has been deliberately installed at websites controlled by the criminals and targets those website visitors who have not patched their computers with the latest security updates from Microsoft.
Leading security firm iDefense has said that Mebroot was discovered in October 2007, but only started to be used in a series of attacks in early December 2007.
Several security sites say the earlier ones were test versions. It appears the Mebroot has passed its initial testing and, though not yet widespread is now launching itself in earnest.
The Russian virus-writing group behind Mebroot is are specialists in stealing bank login information. Once Mebroot installs itself on the vulnerable computer, it then contacts a remote server on the internet and downloads additional malware called “key loggers”.
These special software programs are designed to capture all your passwords and login information and send it back to the cyber criminals.
Mebroot cannot be removed while a operating system is running. However running the “fixmbr” command from within the Windows Recovery Console successfully removes the malicious MBR entry. GMER provides a removal tool for this and other rootkets.http://www.gmer.net/index.php