Smart New Malware Targets E-Banking: Are You Ready?

3 Comments


Caboose

I should show this article to my gf's cousin who doesn't believe in anti-virus software saying "In order to catch the virus, you gotta put it on your system first".

-= I don't want to be dead, I want to be alive! Or... a cowboy! =-


Block_Dude

Isn't the only way to modify the MBR with custom code by booting from infected media (floppy, USB, CD/DVD)? I thought Windows doesn't even have access to it while the OS is running... can someone clarify?


Marcus_Soperus

It's a myth that changes to the MBR require booting from infected media. That was the method used by "classic" MBR infections such as Stoned, Michelangelo, Junkie and Tequila in the MS-DOS era, but as this article (also linked in the original post) points out: http://www.symantec.com/enterprise/security_response/weblog/2008/01/from_bootroot_to_trojanmebroot.html - it is now possible to infect the MBR with code launched from within Windows instead of with infected media. This is how Mebroot works.

This article also points out that you can remove Mebroot from a Windows XP-based machine by booting to the Recovery Console and using the command fixmbr.

To protect yourself against MBR infection, check to see if your system BIOS offers an option to write-protect the MBR. Enable this feature if it is disabled.
--------------------------------------
It's amazing how illogical a business built on binary logic can be.
