Going Back To The Old Days
Charming news today. Older computer users are going to remember, not fondly, the old MS-DOS boot sector viruses that used to be fairly common. Newer users may not have even heard of them, as they haven't really been in use for some time now. Guess what? They're baaaack.
The malware, called Trojan.Mebroot by Symantec, installs itself on the first part of the computer's hard drive to be read on startup, then makes changes to the Windows kernel, making it hard for security software to detect it.
Criminals have been installing Trojan.Mebroot, known as a master boot record rootkit, since mid-December, and were able to infect nearly 5,000 users in two separate attacks, staged on Dec. 12 and Dec. 19, according to Verisign's iDefense Intelligence Team. In order to install the software on a victim's computer, attackers first lure them to a compromised Web site, which then launches a variety of attacks against the victim's computer in hopes of finding a way to run the rootkit code on the PC.
Once installed, the malware gives attackers control over the victim's machine.
The group behind this latest rootkit is the same one responsible for the Torpig Trojan, and it is believed to have already installed more than 250,000 Trojan programs, iDefense said in a report on the rootkit published Monday.
The interesting thing about Trojan.Mebroot is that it installs itself on the master boot record (MBR). This is the first sector of the computer's hard drive and it is the place the computer goes to first whenever it wants to boot up the operating system. "Basically, if you can control the MBR, you can control the operating system and therefore the computer it resides on," wrote Symantec researcher Elia Florio in a blog posting on Trojan.Mebroot.
This, coming at the same time as a MySpace hack has been exposed, isn't really great news.
Using a hacked MySpace profile, online criminals are trying to trick victims into downloading a malicious Trojan Horse program by disguising it as a Microsoft update, according to researchers at security vendor McAfee.
The attack is certainly not widespread (McAfee has seen it used on only one MySpace profile), but it does show how sites such as MySpace can be abused by criminals.
Web surfers are presented with what appears to be a popup window advising them to download the latest version of Microsoft's Windows Malicious Software Removal Tool, which was just released this Tuesday. This software is distributed by Microsoft to help Windows users rid their systems of malware.
In reality, the popup window is just part of a larger image that takes up most of the computer screen. If the user clicks anywhere on this image, his computer will then begin to download the Trojan program.
Wonderful. If you're not keeping your security and operating system updates current, you're likely to be - or soon become - part of the problem. Do yourself and everyone else a favor and make sure you are up-to-date on all the software you are using. If you can't be bothered to run updates for Windows, turn on the automatic feature. Please. My AV software howls like a banshee if it is only a day or so out of date on updates (I use Kaspersky).






By Anthony (Los Angeles), Sunday, 13 January, 2008 @ 11:41 am
I use AVG anti-virus, which does automatic daily updates when I first turn on the computer.
By Gaius, Sunday, 13 January, 2008 @ 11:48 am
Kaspersky updates something like 3-5 times each day. They have about the fastest response to new threats out there.