A sneaky virus which goes by the name of ‘Mebroot’ is on the prowl. It registers itself in the MBR or ‘Master Boot Record’ and modifies it to snuggle itself through. The MBR is where the computer identifies where and which operating system it should launch. This virus modifies the MBR so it can activate itself once the system is on and so is known as the ‘rootkit’ type of virus.
Once ‘Mebroot’ (named so by Symantec) is initiated, it launches several tools by downloading them, such as a key loggers and spyware. It records the keys entered by the user of the victimized system. One ‘feature’ is it records personal information and data especially from online bank accounts, transactions and log in information.
‘Mebroot’ hides itself well so much that it is difficult to detect. Even if an antivirus software manages to detect and delete some of its several files, it re-installs them once the cleaning process is over. And several of the biggest antivirus softwares even fails at detecting the source. ‘Mebroot’ cannot be removed when the computer is once booted or running.
But its been a while since ‘Mebroot’ has been seen around. It was by October that ‘Mebroot’s existence was detected and it started its series of attacks by early December, according to reports by iDefense Labs.
Till now 5,000 computers have been victimized, several of the reports being from Europe.
Prevention is claimed to be possible if the systems running WIndows XP, Vista, WIndows 2000 and Windows Server Edition 2003, which are the vulnerable operating systems, are fully patched and carry up-to-date antivirus programs. A utility has been produced by an independent security firm GMER which claims to be capable of removing this stealthy nuisance.
Click here to view McAfee’s report of this virus.