BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Security threats Toolkit

Criminal gang spreads Trojan-protecting rootkit

Tags:
Record,
Banking,
Boot,
Verisign

Liam Tung ZDNet Australia

Published: 09 Jan 2008 09:25 GMT

A criminal gang that specialises in the theft of banking information through Trojans is attempting to protect its work by spreading a rootkit that veils malware.

Until late in December 2007, the Master Boot Record (MBR) rootkit had been a proof of concept but it is now being used by criminals. However, director of intelligence at VeriSign's iDefense division, Rick Howard, said that since 12 December, 5,000 infections have occurred.

The rootkit, which is being hosted on seemingly innocent websites and transmitted via malicious iFrames, can hide numerous other dangerous Trojans, according to VeriSign.

Read this

Special report: Anatomy of a hack attack

We recreate a typical attack on two large organisations

MBR delivers its payload by modifying an infected computer's Master Boot Record, allowing the program to run before Windows boots.

"This rootkit is especially damaging due to the difficulty involved in removing it… [and it] contains several exploits used to install the rootkit on unpatched victim computers," warned VeriSign.

Exploits include Microsoft JVM ByteVerify, two versions of Microsoft MDAC to cater for multiple Windows systems, Microsoft Internet Explorer Vector Markup Language, and Microsoft XML CoreServices.

The MBR rootkit does not appear as a single file, which means the code can be spread across different sectors of a disk and therefore cannot be deleted as a usual file, according to research by GMER, which has developed a fix that is available through Microsoft.

"The most effective defence against the rootkit installation is to maintain patches for Windows and all third-party applications. The GMER anti-rootkit tool is able to detect the current variants of this rootkit," said VeriSign.

The group using MBR has also been known to use the information-stealing banking Trojan, Torpig, which has infected over 200,000 victims.

Credit: Trojan-protecting rootkit goes wild from ZDNet Australia

Governments prepare for 'cyber cold war'
MI5 warns of Chinese digital espionage
Burglars plunder Verizon's London data centre
Cyberterrorism: Myth or reality?
Explaining the Estonian cyberattacks
The worst IT security incidents of 2007
Cracking open the cybercrime economy
Countering corporate espionage
Anatomy of a hack attack
Storm worm anniversary brings fresh variants
CIA: Cyberattack caused multi-city blackout
Schneier: Cyber-extortion on the rise

Did you find this article useful?
7 out of 7 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

In association with Network Liberation Movement

Post a comment

Full Talkback thread

0 comments

More in this Special Report

Governments prepare for 'cyber cold war'

There has been a sea change over the past year in the amount of government-sanctioned cyber-espionage, according to some security experts. more

MI5 warns of Chinese digital espionage

MI5 has issued a warning to UK businesses that spies in China are conducting a campaign of cyber-espionage against them. more

Burglars plunder Verizon's London data centre

Criminals posing as policemen conned their way into a data centre near London's King's Cross station, tying up staff and stealing computing equipment, the Metropolitan Police said on Friday. more

Cyberterrorism: Myth or reality?

Following recent accusations of government-sanctioned digitial espionage and alleged hacking attacks from China and Russia, there seems to be evidence that countries are capable of using electronic means to disrupt the computer systems of rival nations. more

Explaining the Estonian cyberattacks

When it comes to denial-of-service attacks, Jose Nazario has seen just about everything. more

The worst IT security incidents of 2007

Despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, this year has thrown up a worrying number of serious breaches. more

Cracking open the cybercrime economy

Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software more

Countering corporate espionage

Theft of commercially valuable information costs the world's largest companies over £22bn a year, and small firms are just as vulnerable. How can you mitigate the risks to your company? more

Anatomy of a hack attack

With the help of security experts we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case more

Storm worm anniversary brings fresh variants

The first anniversary of the Storm worm has brought a fresh wave of variants, security companies have warned more

CIA: Cyberattack caused multi-city blackout

The CIA has warned of successful attacks against various countries' critical national infrastructures more

Schneier: Cyber-extortion on the rise

The security expert has warned of an increase in cyber-extortion, but added there is no need for panic about attacks on critical national infrastructures more