Myjoyonline News
 Home Page
 General News
 Business
 Politics
 Sports
 Health
 Education
 Articles/Features
 Science & Technology
 Entertainment
 Travel/Tourism
 Africa & International
 Nations Cup 2008
 
 
Warning! Stealthy Windows virus
Last Updated: Friday, 11 January 2008, 17:27 GMT Previous Page
 
Myjoyonline Ghana News Photos |
 
Email   Print
Have Your Say ( )  
 
 
 
Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts.

In the last month, the malicious program has racked up about 5,000 victims - most of whom are in Europe.

The creators of the virus are after bank logins and personal data and are falling victim via booby-trapped websites that use vulnerabilities in Microsoft's browser to install the attack code.

Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection.

Old tricks

The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR): where a computer looks when it is switched on for information about the operating system it will be running.

"If you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Elia Florio on security company Symantec's blog.

Mr Florio pointed out that many viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer.

Once installed, the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.

Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.

The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information.

Security firm iDefense said Mebroot was discovered in October but started to be used in a series of attacks in early December.

Between 12th December and 7th January, iDefense detected more than 5,000 machines that had been infected with the program. Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.

Independent security firm GMER has produced a utility that will scan and remove the stealthy program.

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus.


SOURCE: BBC

  Send to a Friend     Printer Friendly Page

 
  Popular Stories



Search Our Website
 
 
 
OTHER TECHNOLOGY STORIES
May-5   International lighting industry meets in Ghana
May-3   District Information Officers urged to make use of ICT
Apr-30   Web in infancy, says Berners-Lee
Apr-29   Loopholes keep Windows XP alive
Apr-23   Ghana to host third e-Learning Africa Conference
Apr-12   Legon students build cooling tower
Apr-12   Government urged to check importation of e-waste
Apr-3   Africa needs better meteorological services
Mar-26   Ghana’s communication backbone completed
Mar-24   $20 million for bio-diesel in Ghana
Mar-13   Observation stations set to monitor weather
Mar-12   Sub-Regional countries draw on VRA’s rich expertise
Mar-10   ICT centre for East Gonja District
Mar-1   Finding oil brings enormous challenges – Addae-Mensah
Feb-25   Solar factory soon in Ghana
 
 
 
  Home    |   About Myjoyonline.com   |   Contact Us   |     Feedback   |    Advertise with Us   |    News Archives