Sneaky New Windows Virus Steals Financial Data

[csv8]

Sneaky New Windows Virus Steals Financial DataPosted Jan 14th 2008 11:37AM by Terrence O'Brien
Filed under: Computers



Warning -- a new virus is making its way around the Internet. The virus, dubbed Mebroot, lodges it self in the Master Boot Record (MBR), a part of the hard drive responsible for loading the operating system, where it is out of the reach of most anti-virus software.

The virus itself doesn't actually harm a PC, but it does load other software on the computer, including key-loggers that are triggered when a user visits any of 900 financial institutions' Web sites. The virus then captures the user's log-on information and sends it back to the virus writers, who specialize in stealing confidential information.

The virus is classified as a root kit, meaning it hijacks the administrator functions on the computer and evades detection by normal scanning methods, in this case by hiding in the MBR. Few anti-virus programs can detect the virus, and none can remove it. Because of its location in the MBR, the virus cannot be removed once the computer has been booted.

That said, an independent company GMER has developed software that can scan for and remove the rootkit.

[EASYBOSS]

Quote:

Originally Posted by csv8

Sneaky New Windows Virus Steals Financial DataPosted Jan 14th 2008 11:37AM by Terrence O'Brien
Filed under: Computers



Warning -- a new virus is making its way around the Internet. The virus, dubbed Mebroot, lodges it self in the Master Boot Record (MBR), a part of the hard drive responsible for loading the operating system, where it is out of the reach of most anti-virus software.

The virus itself doesn't actually harm a PC, but it does load other software on the computer, including key-loggers that are triggered when a user visits any of 900 financial institutions' Web sites. The virus then captures the user's log-on information and sends it back to the virus writers, who specialize in stealing confidential information.

The virus is classified as a root kit, meaning it hijacks the administrator functions on the computer and evades detection by normal scanning methods, in this case by hiding in the MBR. Few anti-virus programs can detect the virus, and none can remove it. Because of its location in the MBR, the virus cannot be removed once the computer has been booted.

That said, an independent company GMER has developed software that can scan for and remove the rootkit.

Hmmmmmmmmmm sounds sus do you work for GMER? surley other anti-virus software will/can catch this. Are you realy sure in what you are saying

[Homer]

http://www.symantec.com/security_res...217-99&tabid=1

[Daymoe]

Quote:

Threat Assessment
Wild

* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy

Damage

* Damage Level: Low

Distribution

* Distribution Level: Low

Writeup By: Elia Florio

Coming from Symantec who did a pretty crappy A/V program until recently. So it can't be too hard to detect and remove haha.

[fordAU]

There is a comprehensive explantion of rootkits and ways to combat them by Kaspersky labs.
http://www.viruslist.com/en/analysis?pubid=168740859

If concerned I recommend to scan your PC with Kaspersky, this AV is very good, one of the few programs I would recommend.
http://www.kaspersky.com/

[farah9]

Yeah, AVG has a free root kit remover you can download, I'd say it would get rid of it fairly easy.

[charles_wif_xf]

Quote:

Originally Posted by 90sFTW

Coming from Symantec who did a pretty crappy A/V program until recently. So it can't be too hard to detect and remove haha.

Their anti virus program still sucks the big one. If anything, it's worse. I pulled it from the shelves after I installed it on my PC. Slowed it down to a bloody crawl. It really is a pathetic program.

[AusM]

Good site to compare AV programs:
http://www.av-comparatives.org/

[the_scotsman]

Quote:

Originally Posted by charles_wif_xf

Their anti virus program still sucks the big one. If anything, it's worse. I pulled it from the shelves after I installed it on my PC. Slowed it down to a bloody crawl. It really is a pathetic program.

I disagree completetly....I beta test for Symantec...and tested their Norton 2008 A/V and Internet Security Suite....the 2008 versions are the best Norton products I have ever used...they are the least resource hungry Norton Products ever...the security suite shits over even programs like Kaspersky for performance IMO.

[Fev]

ive got AVG and everyone i know raves about it.. i dont really pay attention to it though