Print this page
Email this to a friend
Discuss this article (0 Comments)Virus stealing financial data from Windows PCs
by This email address is being protected from spam bots, you need Javascript enabled to view it on Tuesday, 22 January 2008
Windows PC users are being warned about a clever new virus that can steal online bank account login details.
According to software security specialists, the malicious program has already attacked over 5,000 victims recently, mostly in Europe; however users in the Middle East are also at risk.
The malicious program, which hides deep within the Windows OS to avoid detection, is a type of virus known as a rootkit, and tries to overwrite the part of a PC's hard disk known as the Master Boot Record (MBR).
"If you can control the MBR, you can control the operating system and therefore the computer it resides on," said Elia Florio on security company Symantec's blog.
Once installed, the virus - dubbed ‘Mebroot' by Symantec - downloads other malicious programs such as keyloggers, which track and record key strokes to steal confidential data such as login details for financial institutions.
Computers that run Windows XP/Vista/Server 2003 and Windows 2000 and are not fully patched are all thought to be vulnerable to the virus.
According to McAfee's EMEA security strategist, Toralv Dirro, "The basic Trojan functionality, capturing information such as passwords etc., is neither new nor unusual. What's new is the way the Trojan installs itself on a system and how the rootkit portion of the Trojan works. This Trojan modifies the first code that is run when a PC starts up and maintains control all the way through the boot process. While there have been so-called proof-of-concepts before, this is the first time we are seeing this method used in practice."
Dirro added: "It is not possible to remove this Trojan while it's active, so to get rid of it, it's necessary to boot the computer from the Windows CD and enter the recovery console, making removal very expensive and time-consuming."
Symantec's regional team meanwhile offered the following advice:
To prevent this threat hitting your PC, run your Windows OS using a limited account (e.g. a standard user account, with non-administrative privileges). If using Vista, keep UAC enabled and don't allow suspicious operations on your system. And of course, keep AV software updated.
"At present the threat is detected with the following names: Trojan.Mebroot and Boot.Mebroot. To repair or remove this malware, boot your PC from the ‘Windows Recovery Console CD-ROM' and use the command ‘fixmbr'." Further details are on Symantec's website .
READERS' COMMENTS
MORE FROM ARABIANBUSINESS.COM
TOP IN MIDDLE EAST TECHNOLOGY
TOP MIDDLE EAST BUSINESS STORIES
ALSO IN MIDDLE EAST TECHNOLOGY
LATEST MIDDLE EAST BUSINESS NEWS
- Travel & Hospitality: Etihad set to step up relief flights from Thailand
- Banking & Finance: DIFC Investments repays $500mn loan in full
- Energy: Major Asian oil consumers welcome cheaper oil
- Financial Markets: Saudi index falls over US economy concerns
- Politics & Economics: India demands handover of Mumbai suspects
RELATED STORIES
Virus
1 storySecurity
3 stories- Microsoft issues Excel bug warning
21 Jan '08 | News - Security spending tops $250 million says IDC
15 Nov '07 | News
Symantec
| 112 stories- A chat with Thompson
16 Nov '08 | Interviews - The Spam Report, November 2008
6 Nov '08 | Features - Con game, blame game
27 Oct '08 | Features
Symantec Corporation
| 52 stories- Criminals build $276 million underground economy
26 Nov '08 | News - Policy patrol
25 Oct '08 | Features - Symantec looking to protect families online
22 Oct '08 | News
Mobile
EMIRATES ID DOWNLOAD
