TweakGuides Forums
Security & Networking: PC Security & Networking/Internet Discussions
#1, 11-20-2008, 05:04 PM
Bobhist (United States; Join Date: Jul 2008; Location: Darlington, S.C.; Posts: 127; Reputation: Invited Member 21)
Mebroot (Sinowal) Trojan Active Again

Here’s a Trojan that scares the beegees out of me, just discussed by Windows Secrets. I can find no previous mention of it in the Forum by either name.

Quote:
The only company that seems to be in a position to fix the Master Boot Record problem is Microsoft. But it's hard to imagine MS management devoting the time and resources necessary to fix major security holes in a seven-year-old product, particularly when XP's successors (I use the term lightly) don't appear to have the same flaw.

This is short-sighted, however. It's only a matter of time before Sinowal/Mebroot — or an even-more-dangerous offshoot — finds a way to do its damage on Vista systems as well.

If Microsoft decides to take on Sinowal/Mebroot, the company is up against a formidable opponent that draws on many talented programmers. John Hawes at Virus Bulletin says "I recently heard someone estimate that a team of 10 top programmers would need four full months of work to put together the basic setup.

Every member of this forum needs to read it. No further comment on my part is necessary.

http://windowssecrets.com/2008/11/20...ojan/?n=story1
__________________
Everything has its limit--iron ore cannot be educated into gold. (Mark Twain.) (Subject to change by Mr. Twain.)
#2, 11-20-2008, 07:24 PM
Vittfarne (Sweden; Join Date: Aug 2008; Posts: 72; Reputation: Invited Member 8)

I thought this article was really interesting and I will continue to keep an eye on Windows Secrets.

Btw, I downloaded the GMER rootkit-scanning program which was recommended in a side article of your article and which was also posted by Big Geek Daddy in this thread:

http://forums.tweakguides.com/showth...highlight=GMER
__________________
| Intel Duo Core 2 E8400 | MO Asus P5E3| 4 GB DDR3 1333 Mhz | Geforce 9800 GTX+ 512 Mb | WD Raptor 74 GB | Creative fatality X-FI Pro | 2 x 320 GB s-ata WD Hdd |
#3, 11-20-2008, 09:03 PM
Bobhist (United States; Join Date: Jul 2008; Location: Darlington, S.C.; Posts: 127; Reputation: Invited Member 21)

@Vittfarne, From the various reports I've read around the Net, GMER is an excellent program. I, too, noted the post by Big Geek Daddy in the past. I use Blacklight Rootkit Eliminator by F-Secure and it works well for me. It's fast and efficient.
__________________
Everything has its limit--iron ore cannot be educated into gold. (Mark Twain.) (Subject to change by Mr. Twain.)
#4, 11-20-2008, 09:43 PM
spectre (Australia; Join Date: Apr 2006; Location: Sydney; Posts: 899; Reputation: Invited Member 50)

It is interesting to note that Vista's UAC seems to play a role here, along with Vista's changes to the MBR.

Quote:
Originally Posted by article
In addition, according to Peter Kleissner, Sinowal/Mebroot — at least in its current incarnation — doesn't infect Vista systems. Windows XP remains its primary target, because Vista's boot method is different and its User Account Control regime gets in the worm's way.

Also, reading through the details I can't help but be horribly "impressed" by the sophistication of the program. Much of it is beyond me but there is a technical description of the program here, which was linked in the article Bobhist linked.
__________________
Forum Rules | Forum Philosophy | Invitation System | For Invited Members

For every complex problem, there is a solution that is simple, neat, and wrong. - H.L. Mencken
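Since the thread is about a trojan that lives in the Master Boot Record and the scanners (GMER, BlackLight) that look for it, here is a small defender-side illustration of what an MBR integrity check does. This is an added example, not code from the thread, from Windows Secrets, or from any of the scanners mentioned: it parses a 512-byte boot sector (boot code, disk signature, the four partition entries, the 0x55AA signature), hashes the boot-code region, and reports drift against a recorded baseline. The sector bytes, disk signature and partition entry are constructed for the example; the layout offsets are the standard classic-MBR ones.

```python
"""MBR integrity baseline check (added example; not from the thread or the article).

Validates a 512-byte master boot record, hashes its boot-code region and compares
the result with a previously recorded baseline.  Boot code that changed while the
partition table stayed the same is exactly the kind of drift worth investigating
when an MBR rootkit is suspected.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # classic layout: boot code 0..439, disk signature 440..443, 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries, then the 2-byte boot signature
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and in-use partition entries of a sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        if ptype != 0:                       # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return human-readable findings; an empty list means nothing drifted."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: the given boot code, one NTFS-type partition, 0x55AA signature."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = struct.pack("<I", 0xDEADBEEF)          # constructed disk signature
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + PART_ENTRY_LEN] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "known good" sector recorded as the baseline.
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64)
BASELINE = parse_mbr(BASELINE_MBR)
# Same partition table and disk signature, different boot code: the drift the check reports.
CHANGED_MBR = build_sample_mbr(b"\xeb\x3e\x90" + b"\xcc" * 64)


if __name__ == "__main__":
    print("clean :", check_against_baseline(BASELINE_MBR, BASELINE))
    print("drift :", check_against_baseline(CHANGED_MBR, BASELINE))
```

On a real machine the sector would come from the first 512 bytes of the physical disk (on Windows, `\\.\PhysicalDrive0`, which needs administrator rights to open). One caveat that matters for this particular family: a rootkit that filters disk reads can hand the running OS back the original sector, so a read taken from inside the live system is only one signal; a read from separate boot media, or a scanner that cross-checks several access paths the way the tools in this thread do, is the more trustworthy comparison.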
#5, 11-20-2008, 09:55 PM
Bobhist (United States; Join Date: Jul 2008; Location: Darlington, S.C.; Posts: 127; Reputation: Invited Member 21)

Spectre, I'm sure you probably know by now that I use XP, and one of the reasons I posted the warning was to alert the Vista guys.

Quote:
This is short-sighted, however. It's only a matter of time before Sinowal/Mebroot — or an even-more-dangerous offshoot — finds a way to do its damage on Vista systems as well.

One of the reasons that it scares the beegees out of me is because we exclusively use online banking. My wife is a retired bank executive, so is well aware of the problems involved, but she assures me that guards are in place in our accounts. I'm not so sure now that I've read this article!
__________________
Everything has its limit--iron ore cannot be educated into gold. (Mark Twain.) (Subject to change by Mr. Twain.)

Last edited by Bobhist : 11-20-2008 at 10:01 PM.
Powered by vBulletin Version 3.6.0
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright © 2010 Koroush Ghazi