Sunday, January 13, 2008

This is not good

It looks like hackers have developed a brand spanking new type of malware to take control of your Master Boot Record (it tells your computer which programs to run when you start up).

The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR).

This is where a computer looks when it is switched on for information about the operating system it will be running.

"If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog.

OK, it's a rootkit, right? Here's where it gets bad (worse):

Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.

Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.

The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information.

Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.
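The two quoted passages above (the MBR as the sector the machine reads first, and the point that most anti-virus packages did not detect Mebroot's presence) can be made concrete with a small integrity check. The following is an added example, not code from the post or from Symantec. It uses the standard MBR layout (446 bytes of bootstrap code, four 16-byte partition entries at offset 446, and the 0x55AA signature at offset 510), parses a sector, fingerprints the bootstrap region, and compares it against a baseline taken earlier. The sample sectors are constructed in the script so it runs offline; `build_sample_mbr`, `parse_mbr`, `compare_to_baseline` and `demo` are names chosen here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446     # four 16-byte partition entries follow it
SIGNATURE_OFF = 510      # final two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a bootstrap hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty partition slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    signature = sector[SIGNATURE_OFF:SIGNATURE_OFF + 2]
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": entries,
        "signature_ok": signature == b"\x55\xAA",
    }


def compare_to_baseline(current: dict, baseline: dict) -> list:
    """Return a list of human-readable findings; an empty list means no change detected."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code changed since baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable partition of type 0x07 starting at LBA 2048."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48      # remaining three slots empty
    return boot + table + b"\x55\xAA"


# Constructed sectors: identical partition table, different bootstrap bytes.
CLEAN_MBR = build_sample_mbr(b"\xEB\x3C\x90" + b"sample bootstrap (constructed)")
TAMPERED_MBR = build_sample_mbr(b"\xEB\x3C\x90" + b"different bootstrap (constructed)")


def demo() -> list:
    """Baseline the clean sector, then check the tampered one against it."""
    baseline = parse_mbr(CLEAN_MBR)
    return compare_to_baseline(parse_mbr(TAMPERED_MBR), baseline)


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

On a real system the sector comes from the first 512 bytes of the raw disk device (for example `open("/dev/sda", "rb").read(512)` as root on Linux), and the baseline is the parsed result saved while the machine was known clean. One caveat fits the article's own point that the infection cannot be removed while the system is running: a rootkit that hooks disk access can hand the original sector back to readers on the infected OS, so the comparison is most trustworthy when the disk is read from a clean boot medium.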

Did you catch that last sentence?
Mebroot cannot be removed while a computer is running.

Which means at least a trip to the GeekSquad of your choice to get rid of it.
But after re-reading the article, it looks like if you're not using IE, AND your updates are...up to date, you shouldn't have much to worry about.
