Well hidden and impossible to discover: but when you log onto the online banking service, Mebroot wake up.
A new virus is able to hide on your PC and wake up when you log into your bank.
Over 100 European online banks will be attacked by the virus known as Mebroot.
Transmitter via website's.
Mebroot is more than a virus. The experts call it a malware operating system. Malware is the term it-industry uses for malware, while the virus is actually a non-technical generic term.
This program infects users of that code is "smuggled" into the popular sites. When, so these sites is clicked on by users, the malicious code imperceptibly transferred to the user machine.
Upwards of 50,000 sites a day have been infected by Mebroot.
Very complicated.
F-Secure and Symantec, the two security companies that have discovered and researched Mebroot, believes that Mebroot is the most advanced and accurate hostile computer program they have seen so far.
It is still not revealed who is behind, but it is very complicated technology that is used. The program is invisible to antivirus programs and uses advanced encryption.
This allows an infected computer "talk" with other computers and organizing an united attack.
Immune to antivirus.
The technique used by Mebroot program is mildly terrifying. Miko Hyppönen, a renowned Finnish security expert, explains how it works in his blog:
The program installs itself on the deepest level of Windows and writes its own startup code.
When an infected machine is started up, loaded Mebroot first, unless this is indicated through the Windows startup. Mebroot hides all the changes it makes in the infected system and take advantage of undocumented features of Windows
The program creates a complex system for network communication. Large parts of the program code is very well hidden.
The program installs itself on the deepest level of Windows and writes its own startup code.
The program creates a complex system for network communication. Large parts of the program code is very well hidden.
Avoid analysis.
By using a very complex installation mechanism bypassed security software and an automated analysis is difficult. Therefore, it is virtually impossible for ordinary antivirus programs to detect the malicious program code.
Machines that are infected, are part of a network of hijacked computers. Communication with other computers (in a so-called botnets) are encrypted with high-level encryption.
The hostile program is good quality assured. According to F-Secure crashes Mebroot never machine it infects, even if it is running on your computer's kernel space.
Renewing constantly.
The people behind Mebroot has registered over 1000 com / net / biz domains used in communication with other hijacked machines.
Mebroot attacks over 100 European online banks by trying to steal money from users while they are logged on with infected machines, according to F-Secure.
Symantec has posted a recipe and a tool to remove Mebroot.
Download Mebroot removal tool here.
But according to F-Secure is it since this fix was made last winter, made several changes and "improvements" of the hostile program. The development of Mebroot is explained in technical detail in a document from F-Secure.
