
Enterprise Network Security Threats: Mebroot and Torpig and How They Affect You

Botnets are becoming more widely distributed as malware authors become more sophisticated. One of the more diabolical pieces of malware, first noted in 2008 and still in the wild today, is Mebroot. It is a rootkit that overwrites the machine's Master Boot Record so that its code runs before the operating system even loads, which lets it hide itself from anti-virus software running inside that operating system.

When prioritizing elements of enterprise network security, stopping malware like a rootkit that hides itself and hands over total control of the computer belongs at the top of the list. Mebroot by itself is mostly harmless in that it carries no payload of its own; it serves as a platform that downloads and runs other malware. The most virulent of these is Torpig, which powers a huge botnet.

Torpig bundles several data-stealing modules that search the infected system for private data, account details and passwords, and it can also give attackers full control of the machine. In 2009 a group of researchers was able to take control of the Torpig botnet for ten days. During that time they collected over 70 GB of stolen information from infected systems.

Mebroot gets onto systems as a drive-by download: a user visits a website with an old, unpatched web browser, and the site exploits a browser vulnerability to install Mebroot on the user's computer. A good way to find Mebroot is with a network-based detector, because the rootkit hides itself on the system it infects and a scanner running on that system may be unable to see it, while its command-and-control traffic still has to cross the network.

Only some anti-virus applications can detect and remove Mebroot. If a computer is rebooting unexpectedly or otherwise acting infected, yet a scan turns up nothing, rewriting the Master Boot Record will remove Mebroot if it is installed. A web search for "Fix MBR" will turn up several ways to repair the Master Boot Record (on Windows, for example, bootrec /fixmbr from the Recovery Environment). Two caveats: do the repair from trusted boot media rather than from inside the infected operating system, since the rootkit can intercept disk access and hide its changes, and remember that rewriting the MBR only restores the bootstrap code, not the malware Mebroot has already downloaded. After the repair, run a complete virus scan on the system again to locate anything additional that was hidden.
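A host-side check that complements the repair steps above is to baseline the bootstrap code in the MBR and compare it later. The script below is an added example written for this article, not code from the original page or from any vendor: it parses a 512-byte boot sector, hashes the bootstrap area, lists the partition entries, and flags a sector whose bootstrap code no longer matches the baseline. The two sample sectors are constructed inline for the demonstration and are not real Mebroot artefacts; the device path in read_mbr is an assumption about where you would point it.

```python
"""MBR integrity check: parse a 512-byte boot sector, hash its bootstrap code
and compare it against a known-good baseline.  Added example for this article,
not code from the original page; the two sectors below are constructed
test data, not real Mebroot artefacts."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code, what an MBR rootkit replaces
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its bootstrap-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # Layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba_start, n_sectors = struct.unpack(
            "<B3xB3xII", sector[off:off + 16])
        if ptype != 0:                           # type 0 marks an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": n_sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline (possible MBR rootkit)")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device, e.g. /dev/sda or \\\\.\\PhysicalDrive0
    (assumed paths).  Caveat: if the running OS is already infected, a rootkit that
    filters disk I/O can hand back the original, clean-looking sector, so take the
    baseline on a known-clean build and run this check from trusted boot media."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def _partition_entry(status, ptype, lba_start, n_sectors):
    # CHS fields hold placeholders; modern loaders use the LBA values.
    return struct.pack("<B3sB3sII", status, b"\x20\x21\x00", ptype, b"\xfe\xff\xff",
                       lba_start, n_sectors)


def _build_sector(boot_code: bytes, entries: list) -> bytes:
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + b"".join(entries).ljust(64, b"\x00")
            + BOOT_SIGNATURE)


# Constructed sample data: a "known-good" bootstrap stub, and the same sector with
# its entry point patched into a jump, the way a bootkit redirects control to itself.
CLEAN_BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8\x8e\xc0\x8e\xd0\xbc\x00\x7c\xfb"
NTFS_ENTRY = _partition_entry(0x80, 0x07, 2048, 1_000_000)
CLEAN_SECTOR = _build_sector(CLEAN_BOOT_CODE, [NTFS_ENTRY])
INFECTED_SECTOR = _build_sector(b"\xeb\x3e" + CLEAN_BOOT_CODE[2:], [NTFS_ENTRY])
BASELINE_HASH = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_SECTOR), ("infected", INFECTED_SECTOR)):
        print(name, check_mbr(sector, BASELINE_HASH) or "OK")
```

Only the bootstrap area is hashed on purpose: partition entries change legitimately when disks are repartitioned, whereas the 446 bytes of boot code on a given OS image should never change outside a planned loader update, so any drift there deserves an offline look.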

The best approach is to prevent infection in the first place: keep browsers and their plug-ins patched, and run both host-based and network-based malware detection that is continually updated with current threat information so an infection is stopped before it starts.

Get more information to help create your network security policy and defend against network security threats from a local IT value-added reseller that specializes in security.
