virus alert

justlucy · 14-04-08, 06:44 AM

Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts.

In the last month, the malicious program has racked up about 5,000 victims - most of whom are in Europe.

Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code.

Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection.

Old tricks

The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR).

This is where a computer looks when it is switched on for information about the operating system it will be running.

"If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog.

Mr Florio pointed out that many viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer.

Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.

Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.

The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information.

Security firm iDefense said Mebroot was discovered in October but started to be used in a series of attacks in early December.

Between 12 December and 7 January, iDefense detected more than 5,000 machines that had been infected with the program.

Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.

Independent security firm GMER has produced a utility that will scan and remove the stealthy program.

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus. There is a programme called catch me that you can download this does a scan to see if you are clean

14-04-08, 06:44 AM	#1 (permalink)
justlucy Senior Member Join Date: Apr 2008 Location: Planet Janet Kent Posts: 239	virus alert Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts. In the last month, the malicious program has racked up about 5,000 victims - most of whom are in Europe. Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code. Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection. Old tricks The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR). This is where a computer looks when it is switched on for information about the operating system it will be running. "If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog. Mr Florio pointed out that many viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer. Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information. Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions. The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information. Security firm iDefense said Mebroot was discovered in October but started to be used in a series of attacks in early December. Between 12 December and 7 January, iDefense detected more than 5,000 machines that had been infected with the program. Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software. Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running. Independent security firm GMER has produced a utility that will scan and remove the stealthy program. Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus. There is a programme called catch me that you can download this does a scan to see if you are clean __________________ IT DOES'NT HURT TO SAY THANKS FEEL FREE TO TIP MY SCALES WHEN I FULFILL YOUR NEEDS !!!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
virus programs	the simpsons	PC Hardware	13	27-12-07 02:31 AM
Joke: Is Windows a virus?	yashved	Jokes, Puzzles & Games	0	28-12-06 07:14 AM
New virus spreading like wildfire.	nanochickin	Jokes, Puzzles & Games	1	04-11-06 05:20 PM
Apple iPods hit by Windows virus!?!	BGonaSTICK	The Lounge	0	18-10-06 12:30 PM
virus problem	fireman	PC Software	1	23-11-05 03:21 PM


Technology Forums: FTA, Satellite, Cable, Home Media, Hardware & Computers \| Home \| Forums \| News \| Blog \|