[News] Infecting the MBR is now back in fashion - Linux


  1. [News] Infecting the MBR is now back in fashion

    http://news.bbc.co.uk/2/hi/technology/7183008.stm

    Warning on stealthy Windows virus

    Security experts are warning about a stealthy Windows
    virus that steals login details for online bank
    accounts.

    In the last month, the malicious program has racked
    up about 5,000 victims - most of whom are in Europe.

    Many are falling victim via booby-trapped websites
    that use vulnerabilities in Microsoft's browser to
    install the attack code.

    Experts say the virus is dangerous because it buries
    itself deep inside Windows to avoid detection.

    Old tricks

    The malicious program is a type of virus known as a
    rootkit and it tries to overwrite part of a computer's
    hard drive called the Master Boot Record (MBR).

    This is where a computer looks when it is switched
    on for information about the operating system it will
    be running.

    [...]

    Once installed the virus, dubbed Mebroot by Symantec,
    usually downloads other malicious programs, such as
    keyloggers, to do the work of stealing confidential
    information.

    [...]

    Although the password-stealing programs that Mebroot
    installs can be found by security software, few
    commercial anti-virus packages currently detect its
    presence. Mebroot cannot be removed while a computer
    is running.

    Independent security firm GMER has produced a utility
    that will scan and remove the stealthy program.

    Computers running Windows XP, Windows Vista, Windows
    Server 2003 and Windows 2000 that are not fully patched
    are all vulnerable to the virus.

    [end excerpt]

    Yipes. Again.

    [1] Will Microsoft's patches work against this horror?

    [2] Will Microsoft want to use this virus as an excuse to
    implement Trusted Computing?

    [3] Will GRUB or LILO be counted thereby as a "virus"?

    [4] Can we scream loudly enough? ;-)

    Stay tuned.

    --
    #191, ewill3@earthlink.net
    People think that libraries are safe. They're wrong. They have ideas.
    (Also occasionally ectoplasmic slime and cute librarians.)

    --
    Posted via a free Usenet account from http://www.teranews.com
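
As an added example (not part of the thread or of the BBC article): a defender-side check for the MBR overwrite the article describes, which fingerprints the boot code of a captured 512-byte sector and compares it with a known-good record. The function names and the sample sector are constructed here, and the check assumes the sector was read from trusted boot media, since the article says the program hides itself inside a running Windows.

```python
import hashlib
import struct

CODE_END = 440        # bytes 0..439: bootstrap code, the region a bootkit rewrites
TABLE_START = 446     # bytes 446..509: four 16-byte partition entries
SIG_START = 510       # bytes 510..511: boot signature 0x55 0xAA


def fingerprint_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into regions; hash the code, decode the table."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means an unused slot
            partitions.append((i, entry[0] == 0x80, entry[4], lba_start, count))
    return {
        "signature_ok": sector[SIG_START:] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return findings for a sector that differs from the known-good record."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active partition, type 0x07, starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1000000)
    return (boot_code.ljust(TABLE_START, b"\x00") + entry + bytes(48)
            + b"\x55\xaa")


if __name__ == "__main__":
    good = fingerprint_mbr(build_sample_mbr(b"\xfa\x33\xc0 constructed loader"))
    seen = fingerprint_mbr(build_sample_mbr(b"\xfa\x33\xc0 constructed change"))
    print(compare_to_baseline(good, seen))
```

A legitimate boot loader install such as GRUB or LILO also changes the boot code hash, so the baseline has to be re-recorded after any intended boot loader change.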


  2. Re: [News] Infecting the MBR is now back in fashion

    In comp.os.linux.advocacy, [H]omer wrote on Sun, 13 Jan 2008 12:43:19 +0000 <8kdp55-vu3.ln1@sky.matrix>:
    > Verily I say unto thee, that The Ghost In The Machine spake thusly:
    >
    >> http://news.bbc.co.uk/2/hi/technology/7183008.stm
    >
    > Remember the good ol' days of Amiga boot sector viruses, Ghost?
    >
    > http://en.wikipedia.org/wiki/Lamer_E...computer_virus)
    >
    > Some things never change, it seems, on closed source systems at least.
    >


    I think my Amiga (A1000 at the time; I've since traded
    it in for a 2000, but I'm a little sorry I did now)
    got infected exactly once, at a trade show way way back.
    Since it had no hard drive it wasn't that much of a worry
    -- and my coax network side's not working all that well
    anyway. If I were in the mood (and had funds) I would
    want new NICs for my Amiga side to plug into my switch.

    Nowadays, a bootsector virus could get interesting, as it
    can use the Internet to propagate. At least with Linux it
    would have to compromise root to rewrite the boot sector,
    on a properly secured system.

    But ah, those were the days, when men were real men, women
    were real women, and the Amiga was a real computer. :-)

    --
    #191, ewill3@earthlink.net
    Useless C++ Programming Idea #23291:
    void f(item *p) { if(p != 0) delete p; }

    --
    Posted via a free Usenet account from http://www.teranews.com


  3. Re: [News] Infecting the MBR is now back in fashion

    [H]omer espoused:
    > Verily I say unto thee, that The Ghost In The Machine spake thusly:
    >
    >> http://news.bbc.co.uk/2/hi/technology/7183008.stm
    >
    > Remember the good ol' days of Amiga boot sector viruses, Ghost?
    >
    > http://en.wikipedia.org/wiki/Lamer_E...computer_virus)
    >
    > Some things never change, it seems, on closed source systems at least.
    >


    And the DOS ones, too. Of course, back then, before Microsoft-based
    computers were networked, it used to take some time for viruses to get
    around...

    --
    | Mark Kent -- mark at ellandroad dot demon dot co dot uk |
    | Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
    | Cola trolls: http://colatrolls.blogspot.com/ |
    | My (new) blog: http://www.thereisnomagic.org |

  4. Re: [News] Infecting the MBR is now back in fashion

    ____/ Mark Kent on Tuesday 15 January 2008 15:48 : \____

    > [H]omer espoused:
    >> Verily I say unto thee, that The Ghost In The Machine spake thusly:
    >>
    >>> http://news.bbc.co.uk/2/hi/technology/7183008.stm
    >>
    >> Remember the good ol' days of Amiga boot sector viruses, Ghost?
    >>
    >> http://en.wikipedia.org/wiki/Lamer_E...computer_virus)
    >>
    >> Some things never change, it seems, on closed source systems at least.
    >>
    >
    > And the DOS ones, too. Of course, back then, before Microsoft-based
    > computers were networked, it used to take some time for viruses to get
    > around...


    Poor Novell servers got crippled.

    --
    ~~ Best of wishes

    Modern man is the missing link between Neanderthals and the civilised man
    http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
    Swap: 1510068k total, 526172k used, 983896k free, 80812k cached
    http://iuron.com - next generation of search paradigms
