Botnets are becoming more prevalent as malware technologies become more complex. One of the more destructive examples of malware, first noted back in 2008, is called Mebroot. This virus, which is still in the wild today, is a rootkit that alters a computer's Master Boot Record, giving it the ability to load before the computer's operating system starts and effectively shielding it from desktop protection applications.
When prioritizing elements of enterprise network security, preventing malware like a rootkit that hides itself and allows complete control of the computer is of the highest priority. Mebroot alone is mostly harmless, since it does not contain any specific payload applications, but it becomes a carrier for other malware. The most virulent of these is Torpig, a massive botnet.
Torpig contains multiple data-stealing pieces of malware that search the infected computer for credentials, accounts and passwords, and it supposedly allows attackers full control of the system. In 2009 a group of researchers were able to take control of the Torpig botnet for ten days. During that time, they pulled over 70GB of stolen information out of botnet client machines.
Mebroot gets onto a computer when a user visits a website using an older web browser that has not been patched to eliminate the weaknesses Mebroot uses to install itself on the user's computer. The most reliable way to detect Mebroot is with a network-based detector, because the virus hides itself on the machine it is installed on, which may make it impossible to find from that machine.
Only some virus scanners can detect and remove Mebroot. If a computer is rebooting or otherwise acting infected, yet no virus appears in a scan, rewriting the Master Boot Record on the computer will remove Mebroot if it is installed. Searching the web for "Fix MBR" will turn up a few different ways to fix the Master Boot Record. After that is accomplished, run a complete virus scan on the computer again to find anything else that was hidden.
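Because an MBR rootkit hides from scanners running on the infected host, one defensive check is to read the first sector of the disk from a clean rescue boot and compare its boot-code hash against a baseline taken when the machine was known good. The following is an added example, not code from the original post: it parses a 512-byte MBR, hashes the boot-code area, and flags a sector whose boot code changed while the partition table stayed intact (the pattern a bootkit needs so the system still boots). The sample sectors are constructed inline; on a real system the sector would come from reading the first 512 bytes of the raw disk device.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code occupies bytes 0..439 of a classic MBR
PART_TABLE_OFFSET = 446      # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"

def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, size) entries."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, size) in enumerate(partitions):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off] = status                      # 0x80 marks the active partition
        sector[off + 4] = ptype                   # e.g. 0x07 for NTFS
        struct.pack_into("<II", sector, off + 8, lba, size)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries of an MBR."""
    if len(sector) != MBR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        ptype = sector[off + 4]
        if ptype:
            lba, size = struct.unpack_from("<II", sector, off + 8)
            parts.append({"bootable": sector[off] == 0x80, "type": ptype, "lba": lba, "size": size})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(sector: bytes, baseline_hash: str) -> tuple:
    """Compare the boot code against a known-good hash; the partition table is not part of it."""
    info = parse_mbr(sector)
    if info["boot_code_sha256"] != baseline_hash:
        return False, "boot code differs from baseline (possible MBR rootkit)"
    return True, "boot code matches baseline"

# Constructed sample: a minimal clean boot sector (a 'jmp $' loop) with one NTFS partition.
CLEAN_MBR = build_mbr(b"\xeb\xfe", [(0x80, 0x07, 2048, 100_000)])
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Constructed tampered copy: only the boot code bytes differ; the partition table is untouched.
TAMPERED_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 2048, 100_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        ok, why = check_mbr(mbr, BASELINE)
        print(f"{name}: {'OK' if ok else 'ALERT'} - {why}")
```

The baseline hash must be recorded and stored off the machine while it is known clean; a hash taken from an already-infected disk would only certify the rootkit's own boot code.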
The best approach is to prevent infection in the first place by keeping browsers updated, and by operating both host-based and network-based malware detection applications that are constantly updated with real-time information so an infection is stopped before it starts.
Get more information to help update your network security policy and defend against network security threats from your local IT Value Added Reseller that specializes in security.