Print
Discuss
Send to friend
RSS feeds
Daily news podcast
Criminals have launched what security companies are calling one of the most dangerous attacks on Windows PCs they have ever seen.
The rootkit, known as Mebroot, is sophisticated and uses a technique not seen for a number of years.
According to Symantec, Mebroot, which has so far snared at least 5,000 victims in Europe, is so complex that if a PC has been infected, even up-to-date anti-virus software cannot detect it.
This is because it overwrites part of the computer hard disk known as the Master Boot Record (MBR); once it has this control, it ensures any installed security software cannot touch it.
F-Secure's chief research officer Mikko Hypponen told Computeractive that security experts still haven't got to the bottom of everything Mebroot can do.
"This attack has taken us by surprise. Nobody expected it. The attack is very complex and sophisticated. When we were putting our forecasts together a few weeks ago, nobody thought about criminals using the MBR as a means of attack. It was last seen in the 1980s when the attacks were not that sophisticated, " he said.
Mebroot, which is designed to steal personal information and bank details, is embedded in legitimate websites.
If the latest updates and patches for browsers or the XP operating system have been applied, then anti-virus software can stop the rootkit and the associate malware such as keystroke loggers and others it downloads.
But if patches have not been applied the malware downloads to a PC and then hides from security software. It can be removed quite simply, according to Hypponen, but currently only by the user rewriting the MBR.
Hypponen went on to say security firms are working hard to analyse the malware, so their software should be able to detect the rootkit and clean it up before too long. But he warned the success of Mebroot means there will be further attacks.
He said the current attacks appear to be mainly targeted at Italian websites and Windows XP, but organised crime was behind it and further attacks targeting Vista would be arise.
"Although this attack hasn't been widespread in the wild, being on forums and chatrooms, it has been successful. Criminals have been testing it and we will see copycat attacks," Hypponen warned.
"Also the criminals behind Mebroot have the money to launch new sophisticated attacks using MBR to hide their rootkits. The problem is the enemy has access to our weapons before we can see theirs."
All Hacking and Cyber-crime
del.icio.us
Digg this
reddit!
