Warning On Windows Rootkit Virus
By Christopher Nickson
January 14, 2008
The Mebroot virus buries itself in the Master Boot Record, then downloads other programs to steal personal information.
Security companies are warning of a new Windows virus that hits the Master Boot Record, according to a story on the BBC.
Although first discovered last October, the virus, dubbed Mebroot, wasn’t activated until last month. Between December 12 and January 7, security firm iDefense discovered more than 5,000 infected computers.
Mebroot hides in an infected computer and tries to overwrite the Master Boot Record (MBR), a technique virus writers used in the pre-Windows era.
"If you can control the MBR, you can control the operating system and therefore the computer it resides on," explained Elia Florio of Symantec.
Once on a computer, Mebroot downloads other malware, such as a keylogger, and once the user logs on to online banking, it begins harvesting information, such as passwords.
The problem is that while many anti-virus programs will detect and delete the other malware, they won’t find Mebroot, because of its position – and on top of that, it can’t be removed while the computer is running. However, GMER has produced a utility that can detect and remove it.
Who’s at risk? If you’re running an unpatched version of XP, Vista, Windows 2000 or Server 2003, then you are.
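An added illustration, not part of the original article or of any vendor's tool: a check of the boot code in a captured 512-byte MBR sector against a known-good baseline hash. It assumes the sector was read while the suspect system was not running; the sample sectors, the baseline and all function names are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # bootstrap code area; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"  # required at offsets 510-511


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code area only."""
    return hashlib.sha256(sector[:CODE_LEN]).hexdigest()


def inspect_mbr(sector: bytes, baseline_hash: str) -> dict:
    """Parse one captured MBR sector and compare its boot code to a baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
        "code_matches_baseline": boot_code_hash(sector) == baseline_hash,
    }


def build_sample(code_fill: int) -> bytes:
    """Constructed sector: filler boot code, one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    table = entry + bytes(48)
    return bytes([code_fill]) * CODE_LEN + bytes(6) + table + BOOT_SIG


clean = build_sample(0x90)      # constructed "known-good" sector
modified = build_sample(0xCC)   # same layout, different boot code
baseline = boot_code_hash(clean)

if __name__ == "__main__":
    print("clean:   ", inspect_mbr(clean, baseline))
    print("modified:", inspect_mbr(modified, baseline))
```

Both sample sectors carry a valid boot signature and an identical partition table, so only the boot-code hash tells them apart.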