ZDNet UK
Criminal gang spreads Trojan-protecting rootkit

Liam Tung ZDNet Australia

Published: 09 Jan 2008 09:25 GMT


A criminal gang that specialises in the theft of banking information through Trojans is attempting to protect its work by spreading a rootkit that veils malware.

Until late December 2007 the Master Boot Record (MBR) rootkit had been a proof of concept, but it is now being used by criminals. Rick Howard, director of intelligence at VeriSign's iDefense division, said that 5,000 infections have occurred since 12 December.

The rootkit, which is being hosted on seemingly innocent websites and transmitted via malicious iFrames, can hide numerous other dangerous Trojans, according to VeriSign.


The MBR rootkit delivers its payload by modifying an infected computer's Master Boot Record, so that its code runs before Windows boots.

"This rootkit is especially damaging due to the difficulty involved in removing it… [and it] contains several exploits used to install the rootkit on unpatched victim computers," warned VeriSign.

Exploits include Microsoft JVM ByteVerify, two versions of Microsoft MDAC to cater for multiple Windows systems, Microsoft Internet Explorer Vector Markup Language, and Microsoft XML CoreServices.

The MBR rootkit does not exist as a single file: its code is spread across different sectors of the disk and therefore cannot be deleted like an ordinary file, according to research by GMER, which has developed a fix that is available through Microsoft.

"The most effective defence against the rootkit installation is to maintain patches for Windows and all third-party applications. The GMER anti-rootkit tool is able to detect the current variants of this rootkit," said VeriSign.
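The two paragraphs above describe the rootkit's footprint: a rewritten bootstrap area in the MBR and code stored in disk sectors that no file owns. The following added example (not code from VeriSign, GMER or the article) shows the kind of offline check a defender can run on a raw 512-byte MBR image: it parses the partition table, verifies the boot signature, compares the bootstrap code against a known-good hash, and reports unallocated sectors after the last partition that are worth imaging and inspecting. The sample MBR bytes, the baseline hash and the disk size are constructed for the demonstration.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446          # the four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"        # a valid MBR ends with this signature

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype:                                     # type 0 means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "start": start, "sectors": count})
    return {"boot_code": sector[:PART_TABLE_OFF], "partitions": parts,
            "signature_ok": sector[510:] == BOOT_SIG}

def check_mbr(sector: bytes, baseline_sha256: str, disk_sectors: int) -> list:
    """Compare an MBR image against a known-good baseline; return a list of findings."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(mbr["boot_code"]).hexdigest() != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if mbr["partitions"]:
        end = max(p["start"] + p["sectors"] for p in mbr["partitions"])
        if end > disk_sectors:
            findings.append("partition extends past end of disk")
        elif disk_sectors > end:
            # Sectors no filesystem owns are where code kept outside any file can live.
            findings.append(f"{disk_sectors - end} unallocated sectors after last partition")
    return findings

# Constructed sample: an MBR with dummy boot code and one bootable NTFS partition at LBA 63.
def build_sample_mbr(boot_code: bytes) -> bytes:
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1000)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + BOOT_SIG

CLEAN_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 60)
BASELINE = hashlib.sha256(CLEAN_MBR[:PART_TABLE_OFF]).hexdigest()   # hypothetical known-good hash
TAMPERED_MBR = build_sample_mbr(b"\xe9\x00\x01" + b"\x90" * 60)     # same table, altered boot code

if __name__ == "__main__":
    print(check_mbr(CLEAN_MBR, BASELINE, 1063))      # clean image, disk fully allocated
    print(check_mbr(TAMPERED_MBR, BASELINE, 2048))   # altered boot code plus free tail sectors
```

In practice the baseline hash is taken from a trusted image of the same machine, and the raw MBR is read from the disk device (or a forensic image) rather than constructed.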

The group using the MBR rootkit has also been known to use Torpig, an information-stealing banking Trojan that has infected over 200,000 victims.

Credit: Trojan-protecting rootkit goes wild from ZDNet Australia
