Browse > Home / Blog article: “Mebroot” infects master boot record (MBR) steals banking information

“Mebroot” infects master boot record (MBR) steals banking information

By Janine de Blois

March 6, 2008

Mebroot has been deliberately installed at websites controlled by the criminals and targets those website visitors who have not patched their computers with the latest security updates from Microsoft.

Leading security firm iDefense has said that Mebroot was discovered in October 2007, but only started to be used in a series of attacks in early December 2007.

Several security sites say the earlier ones were test versions. It appears the Mebroot has passed its initial testing and, though not yet widespread is now launching itself in earnest.

The Russian virus-writing group behind Mebroot is are specialists in stealing bank login information. Once Mebroot installs itself on the vulnerable computer, it then contacts a remote server on the internet and downloads additional malware called “key loggers”.

These special software programs are designed to capture all your passwords and login information and send it back to the cyber criminals.

Mebroot cannot be removed while a operating system is running. However running the “fixmbr” command from within the Windows Recovery Console successfully removes the malicious MBR entry. GMER provides a removal tool for this and other rootkets.http://www.gmer.net/index.php

Click here to discuss this: Security Forums

Filed Under Computer Security, IT Security, Internet Security News, Malware 
Tagged:



Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL

ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL


Related posts to "“Mebroot” infects master boot record (MBR) steals banking information":



Comments

Got something to say?





Visited 389 times, 3 so far today