Botnets are becoming more prevalent as malware technologies become more complex. One of the more destructive examples, which hit the scene back in 2008, is known as Mebroot. This virus, which is still around, is a rootkit that changes a computer's Master Boot Record so that it runs before the computer's operating system is loaded, allowing it to hide itself from anti-virus protection software.
When planning for enterprise network security, preventing malware like a rootkit that conceals itself and allows for total control of the machine is right at the top of the list. Mebroot by itself is mostly harmless, since it does not have any specific applications but instead is a platform for other harmful software. The most virulent of these is Torpig, a massive botnet.
Torpig has a number of different information-stealing pieces of software that analyze the infected computer for credentials, accounts and passwords, as well as supposedly granting attackers full control of the computer. In 2009 a team of researchers was able to take control of the Torpig botnet for a period of ten days. During that period, they pulled out over 70GB of stolen data from botnet client machines.
Mebroot gets onto computers when a user visits a website with an older web browser that has not been updated to eliminate the weaknesses that Mebroot uses to install itself on the user's computer. A good way to detect it is with a network-based detector, since the virus hides itself on the system on which it is installed, which can make it impossible to find from that system.
Only some anti-virus applications can detect and remove Mebroot. If a computer is rebooting or acting infected, yet no virus shows up in a scan, repairing the Master Boot Record on the computer will remove Mebroot if it is installed. Doing a web search for “Fix MBR” will turn up some different ways to fix the Master Boot Record. After that is done, run a complete virus scan on the system again to locate anything else that was hidden.
The best way to go is to prevent computer infection by keeping browsers patched, and running both host- and network-based malware detection programs that are constantly updated with real-time information to stop any infection before it starts.
Get more information to help update your network security policy and protect against network security threats from your local IT Value Added Reseller that specializes in security.