“Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts,” BBC News reports. “In the last month, the malicious program has racked up about 5,000 victims – most of whom are in Europe.”
“Many are falling victim via booby-trapped websites that use vulnerabilities in Microsoft’s browser to install the attack code,” The Beeb reports. “Experts say the virus is dangerous because it buries itself deep inside Windows to avoid detection.”
“The malicious program is a type of virus known as a rootkit and it tries to overwrite part of a computer’s hard drive called the Master Boot Record (MBR),” The Beeb reports. “Once installed the virus, dubbed Mebroot by Symantec, usually downloads other malicious programs, such as keyloggers, to do the work of stealing confidential information.”
“Most of these associated programs lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions,” The Beeb reports.
“The Russian virus-writing group behind Mebroot is thought to have created the torpig family of viruses that are known to have been installed on more than 200,000 systems. This group specialises in stealing bank login information,” The Beeb reports. “Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.”
“Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus,” The Beeb reports.
Full article here.
[Thanks to MacDailyNews Reader “Barry” for the heads up.]
MacDailyNews Note: For Mac users who run Windows: The Beeb reports that GMER “has produced a utility that will scan and remove the stealthy program.” GMER is an application that detects and removes rootkits on Windows NT/2000/XP/Vista. More info here.