How to stop the sneaky spread of the insidious Mebroot and Torpig viruses

Botnets have become more prevalent as malware writers have become more sophisticated. One of the most diabolical pieces of malware to appear in 2008 is called Mebroot. This virus, which is still in the wild today, is a rootkit that modifies a computer’s master boot record so that it loads before the operating system does, which hides it from antivirus software running inside that operating system.

When ranking the elements of corporate network security, preventing malware like a rootkit, which hides itself and allows full control of the machine, belongs at the top. Mebroot itself is practically harmless on its own, as it carries no payload of its own, but it serves as a platform for other malware. The most prevalent of these is Torpig, which runs a very large botnet.

Torpig contains a number of different malware components that steal data: they scan the infected machine for private data, account details and passwords, and allegedly give attackers full access to the computer. In 2009, a team of researchers took control of the Torpig botnet for ten days. During that time they extracted more than 70 GB of stolen information from the infected computers.

Mebroot enters computers when a user visits a website with an older, unpatched web browser whose weaknesses Mebroot exploits to add itself to the user’s system. A reliable way to detect Mebroot is with a network-based scanner, because the virus hides itself on the machine it infects, which can make it undetectable from the host itself.

Only some virus scanners can find and remove Mebroot. If a machine keeps rebooting or behaves as if infected but no virus shows up on a scan, repairing the master boot record will remove Mebroot if it is present. A web search for “Repair MBR” turns up several ways to repair the master boot record. Once this is done, run a full virus scan on the computer again to locate anything else that was hidden.
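Because an MBR rootkit hides from scanners on the infected host, one defensive check is to baseline the boot sector from a trusted state and compare it later. The following is an added example, not code from the article: it parses a 512-byte MBR, hashes only the 440-byte boot-code region (so normal partition-table or disk-signature changes do not trigger alerts) and reports deviations from a recorded baseline. It assumes the sector is read from a raw device or disk image path supplied by the operator, ideally from offline or boot media rather than the possibly compromised running system; the sample sectors below are constructed for illustration.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold the boot code, the region a bootkit overwrites
PART_TABLE_OFF = 446  # four 16-byte partition entries follow the disk signature/reserved bytes
BOOT_SIG = b"\x55\xaa"

def read_mbr(path: str) -> bytes:
    """Read the first sector from a raw device or disk image (needs elevated rights on a live disk)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)

def parse_partitions(mbr: bytes) -> list:
    """Return (bootable, type, start_lba, sectors) for each non-empty partition entry."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        start_lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append((status == 0x80, ptype, start_lba, sectors))
    return parts

def boot_code_hash(mbr: bytes) -> str:
    """Hash only the boot-code region so partition edits or disk-signature changes do not raise alarms."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the sector matches the recorded baseline."""
    if len(mbr) != MBR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(mbr), MBR_SIZE)]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (possible MBR rootkit, repair the MBR and rescan)")
    if not any(p[0] for p in parse_partitions(mbr)):
        findings.append("no partition flagged bootable")
    return findings

# Constructed sample: 440 placeholder boot-code bytes, disk signature/reserved, one bootable NTFS partition, signature.
CLEAN_MBR = bytes(range(256)) + bytes(range(184)) + b"\0" * 6
CLEAN_MBR += bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800) + b"\0" * 48 + BOOT_SIG
BASELINE = boot_code_hash(CLEAN_MBR)  # recorded from the trusted state
# Constructed tampered copy: first 16 boot-code bytes overwritten, partition table untouched.
TAMPERED_MBR = b"\xff" * 16 + CLEAN_MBR[16:]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE) or "OK")
```

On a real machine, replace the constructed sectors with `read_mbr(r"\\.\PhysicalDrive0")` on Windows or `read_mbr("/dev/sda")` on Linux, recording the baseline hash right after a clean install.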

The best course of action to prevent infection is to keep browsers up to date and to run both host-based and network-based malware detection that is updated in real time, so that an infection is stopped before it takes hold.
