Releaselog

Dangerous rootkit collecting data on rise

Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts. In the last month, the malicious program has racked up about 5,000 victims, most of whom are in Europe. The malicious program is a type of virus known as a rootkit, and it tries to overwrite part of a computer's hard drive called the Master Boot Record (MBR). Once installed, the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information. Most of these associated programs lie in wait on a machine until its owner logs into the online banking systems of one of more than 900 financial institutions.

The Russian virus-writing group behind Mebroot is thought to have created the Torpig family of viruses, which are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information. Security firm iDefense said Mebroot was discovered in October but started to be used in a series of attacks in early December. Between 12 December and 7 January, iDefense detected more than 5,000 machines that had been infected with the program. As it installs through security holes in Microsoft Explorer, it's just another reason to use Firefox or Opera…

Source: BBC
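Because Mebroot works by overwriting the MBR's boot code while leaving the partition table intact (so the machine still boots normally), one defensive check is to baseline-hash the first 446 bytes of the disk and re-compare it later. The following is an added example, not code from the article or from any vendor; the two 512-byte sectors are constructed here to stand in for a clean and an overwritten MBR.

```python
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE, BOOT_CODE_LEN, PART_TABLE_OFF, ENTRY_LEN = 512, 446, 446, 16
SIGNATURE = b"\x55\xAA"  # boot signature at offset 510

@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_partitions(sector: bytes) -> list:
    """Validate the sector and decode the four 16-byte partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype != 0:  # type 0 marks an unused entry
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts

def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(sector: bytes, baseline_hash: str) -> dict:
    """Compare the live boot code against a baseline captured from known-clean media."""
    parts = parse_partitions(sector)
    digest = boot_code_hash(sector)
    return {"hash": digest, "matches_baseline": digest == baseline_hash, "partitions": parts}

def build_sample_mbr(boot_code: bytes) -> bytes:
    # Constructed sector: given boot stub, one bootable NTFS (0x07) partition, signature.
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800) + b"\x00" * (ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")      # constructed stand-in for the OS loader stub
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 8)  # constructed: boot code replaced, table untouched
BASELINE_HASH = boot_code_hash(CLEAN_MBR)
```

On a real system the sector is read from the raw device (for example the first 512 bytes of /dev/sda on Linux, which needs root); read it from a separate boot CD or USB, since a rootkit already resident in the running kernel can hide its changes from reads made on the infected system.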

Comments (44)

Feel free to post your Dangerous rootkit collecting data on rise torrent, subtitles, samples, free download, quality, NFO, rapidshare, megashares, sendspace, filesonic, filefactory, netload, crack, serial, keygen, requirements or whatever-related comments here. Don't be rude (permban), use only English, don't go offtopic and read FAQ before asking a question. Owners of this website aren't responsible for content of comments.
  1. tony
    January 13th, 2008 | 13:09

    Now you got me worried about online banking. Oh no, I'll have to put more security on now.

  2. asd
    January 13th, 2008 | 13:16

    this doesn't work for me..i don't have accounts on paypal and etc…I only surf and download stuff on the internet….perhaps my pc now is a zombie or one of the root kits…hehehe

  3. Firedahl
    January 13th, 2008 | 13:16

    hmmm, think I will run a scan on my pc:/

  4. lol
    January 13th, 2008 | 13:16

    WTf..
    I live in europe and i have nod32 u think that that will pick it up?

  5. worldsocialism.org
    January 13th, 2008 | 13:23

    Those crazy Russians are always at it…

  6. Dean
    January 13th, 2008 | 13:24

    @ Martin…can u state categorically where it was confirmed as Microsoft internet explorer flaw. We are talking about rootkit here. No need to be anti-MS here.

  7. God
    January 13th, 2008 | 13:29

    Hehe.. i read the info above ->

    Comments (6)
    Feel free to post your Dangerous rootkit collecting data on rise torrent, subtitles, samples, free download, quality, NFO, Rapidshare, crack, serial, requirements or whatever-related………….

    :P lol

    OT: Another good reason to use Linux !! :D

  8. philips14c
    January 13th, 2008 | 13:32

    YES! But Firefox 2.0.0.11 is so slow! I have to wait 2+min to load a single web page, not to mention that when I try multiple tabs the browser just freeze! The same thing happens in XP and also in Vista! I have no problem with IE7! Its very responsive and pages are loading almost instantly! I tried to reinstall FF, uninstall addons, scripts etc.! But nothing helped! Anyway I heard that FF has its own security flaws!

  9. Ben
    January 13th, 2008 | 13:37

    That is the strangest problem with Firefox I’ve ever heard… something’s wrong with your computer… seriously.

  10. WujouMao
    January 13th, 2008 | 13:40

    this was on the BBC website. what is missing from rlslog is info on how to delete this footkit as it can’t be deleted while the comp is turned on. go to http://www.gmer.net/index.php for more info, and a scan

  11. whoever
    January 13th, 2008 | 13:40

    i’m on linux thus safe ;>

  12. WujouMao
    January 13th, 2008 | 13:41

    sorry, thats rootkit not footkit

  13. whoever
    January 13th, 2008 | 13:41

    > this was on the BBC website. what is missing from rlslog is info
    > on how to delete this footkit as it can’t be deleted while the
    > comp is turned on.
    LOL, funny, how do you remove something from memory without any power source? :D
    but yeah, trashing the thing is probably the safest method here

  14. nameless
    January 13th, 2008 | 13:41

    hmmm i had an mbr virus in my comp. a handy way to find it: i check if ur hidden folders is working, if not then get avg free and run scans in safe mode. once found u'll need to reput ur autorun.ini in every drive it infects, then scan all other devices connected earlier cause 100% it jumped. anyways thats how u get rid of the 1 i had over the past months.

  15. jared
    January 13th, 2008 | 13:42

    2+ minutes to load a single page? i’m on 2.0.0.11 right now and it takes about 3/4th of a second, and i don’t even have a modern pc, it’s a 2001 compaq, 933mhz 512mb ram, etc, etc and it’s not even that bad, your pc’s messed up

  16. SchizoDuckie
    January 13th, 2008 | 13:46

    I’m becoming quite outraged by Paypal’s absolute *LACK* of willingness to protect their crappy online banking system. I have had a lengthy mail conversation with them a couple of months ago about exactly this and they are *NOT* willing to take any extra security measures.

    The whole problem of the fact is : Paypal ‘enables’ people in europe (and USA too) to directly connect your bank account to an email address and password! Also, they have a ‘feature’ that enables you to keep deducting money off of your paypal account after your balance becomes 0.

    This way, if your average russian hacker has logged your paypal login, he can just start buying stuff for €500,- and it’s GONE. We’ve came such a long way in Europe with security for banking (challenge/response stuff etc) and paypal throws it all down the drain under false claims of security…

  17. Andrew
    January 13th, 2008 | 13:52

    I did a scan with outpost security pro the other day and found something called "Rootkit.agent.UIP". i got it quarantined and deleted it afterwards with the program. Is this something similar or the exact thing being talked about? I've never had a trojan before nor a rootkit so i dont know what it does even.

  18. Alexander
    January 13th, 2008 | 14:18

    @ philips14c

    Yep, FF is slow and funky at times. I only use it for development.

    The fastest one is Opera. Works as a charm.

    I used IE for years and it is a huge pain.

  19. Mack
    January 13th, 2008 | 14:59

    Shouldn’t hard core nerds use Lynx? :-)
    I don't, I'm just a n00b. FF 2.0.0.11 with some extensions works fine for me.

  20. Dean
    January 13th, 2008 | 14:59

    @16
    check if ur bank supports giropay..that way if ur paypal account is zero…u will need to put TAN(transaction number) to get money off ur account.

  21. thc
    January 13th, 2008 | 15:00

    i love when peeps say im happy i use linux cause i don’t get infected……MAYBE YOU JUST DON’T NOTICE IT!!!

  22. h
    January 13th, 2008 | 15:00

    use sandboxie…

  23. philips14c
    January 13th, 2008 | 15:05

    @jared
    It’s not just me! There are many users on forums that have the same problem! FF 2.0.0.11 is slow! Its something about Javascript engine support and memory leaks! The first few days after I’ve installed FF everything was fine but after that surfing the net was slower and slower.. Now I’ve installed an old 2.0.0.2 version that it seems to work better! Still IE7+IE7Pro addon is faster in loading pages!

  24. Moshster
    January 13th, 2008 | 15:23

    The only reason Linux is not an attack vector is because so few people use it. The advantage Windows has is that its security flaws are being identified because of its massive user base. Who knows how many security flaws are going undetected in Linux and Mac OS…

  25. b0x0rz
    January 13th, 2008 | 15:27

    THE reason to use TOKEN DEVICES for BANK access :)

  26. fosho
    January 13th, 2008 | 16:22

    youre gonna have to pry firefox from my cold dead hands. i love this browser. come a long way from some prehistoric version of IE, then used opera for years, but the plugin system and especially the security features make firefox an absolute win in my eyes. loads pretty fast, too. luv it.

  27. Wah
    January 13th, 2008 | 16:50

    Use this to detect if you’ve got any rootkits.

    http://download.sysinternals.com/Files/RootkitRevealer.zip

  28. GeeS
    January 13th, 2008 | 17:21

    @27 wah

    I don't mean to nag, but is any program dated back in 2005 any good? I mean in terms of dealing with NEW kinds of threats.

  29. Fractal
    January 13th, 2008 | 17:22

    For anyone interested in the facts in the source article, here it is:

    http://news.bbc.co.uk/2/hi/technology/7183008.stm

    For some reason, RLSLog won’t post a LINK to their source articles, which would be helpful to clear up questions.

  30. Wah
    January 13th, 2008 | 17:59

    @28 Gees
    as long as that program’s up-to-date. Usually they either release periodic updates/patches/lists/databases to keep up to date ASAP. If you’re worried then check out: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx. More current info on rootkits and resources on how to deal with all sorts.

  31. Wah
    January 13th, 2008 | 18:00
  32. GeeS
    January 13th, 2008 | 18:43

    Thnx Wah. I’ll surely check it out.

  33. PUA
    January 13th, 2008 | 19:23

    I’m glad i’m not in Europe, haha

  34. realchard
    January 13th, 2008 | 19:27

    dam something else to worry about!

  35. Duska
    January 13th, 2008 | 19:56

    again, about time to nuke russia

  36. hikaricore
    January 13th, 2008 | 20:25

    Moshster: Stupidest argument I have ever read. Your fantastic Microsoft loves to hide and deny security issues and wait 6 months to release them as one big patch, making it look like there are fewer issues than there really are. Security issues on Linux as a whole are low, issues with single software applications do occur from time to time but are usually fixed in under a week. I’d love to know where you get your info from besides right out of your as$ to make such ignorant claims.

  37. Atlas
    January 13th, 2008 | 22:13

    all browsers have absolutely critical flaws, many of which have been open for YEARS because coding against them means mas$ive rewrites of code (ie6 is especially bad, and more than half of all ie versions are 6). Yes, you need Linux. It is not true that the only reason linux is more secure is because it is less popular (not popular on the desktop for consumer use, extremely popular with big corps, gov agencies world wide, etc), it is because windows uses a sh*tty access model whereas *nix like environments use a tried and true kernel system… and many hardcore agencies build excellent software/mods to make linux pretty bomb proof… such as the NSA's SELinux http://en.wikipedia.org/wiki/SELinux (which is complete security overkill; if you have used it you would know).
    Get linux.
    ubuntu.com
    fedoraproject.org
    knoppix.org

  38. will
    January 13th, 2008 | 23:15

    Russians and Armenians… wow they will do anything to get your bank account info.

    they bring shame to me :/

    since i am one

  39. al bundy
    January 14th, 2008 | 01:40

    Thanks Sony for fuking the world with your rootkit idea. anyway, if you need to find a rootkit, use this from MS:
    http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

  40. hikaricore
    January 14th, 2008 | 04:31

    Umm… root kits existed long before sony.

    But good attempt.

  41. sober
    January 14th, 2008 | 06:21

    I was rooted back in 2006 and let me tell you, it wasn’t a pleasant experience, my whole pc went loony. Looks like it’s time to put that pcbsd install to use and learn unix.

  42. tucker
    January 14th, 2008 | 10:39

    stupid Europeans. them Russians can’t touch us Americans.

  43. DaDuDe
    January 14th, 2008 | 12:05

    Too many flaws in MS software…

    @42

    Yeah right!

  44. confused....
    January 14th, 2008 | 17:45

    Microsoft Explorer ??? the explorer.exe or the internet explorer ??
