Stealthy Windows virus that can steal bank login information doing the rounds

London, January 12: Security experts are urging internet users to be alert against a stealthy Windows virus that can steal login details for online bank accounts.

About 5,000 machines, most of which were from Europe, were found to be infected by the malicious program between 12 December and 7 January.

The experts say that it is via booby-trapped websites — which use vulnerabilities in Microsoft's browser to install the attack code — that many people fall victim to this virus.

Since the virus has the ability to bury itself deep inside Windows, it is hard to detect it.

It tries to overwrite part of a computer’s hard drive called the Master Boot Record (MBR). When a computer is switched on, it scans the same portion for information about the operating system it will be running.

Upon installation, the virus called Mebroot usually downloads other malicious programs like keyloggers to steal confidential information.

"If you can control the MBR, you can control the operating system and therefore the computer it resides on," the BBC quoted Elia Florio as writing on security company Symantec's blog.

He pointed out that most of the viruses dating from the days before Windows used the Master Boot Record to get a grip on a computer. They lie in wait on a machine until its owner logs in to the online banking systems of one of more than 900 financial institutions.

Mebroot has been written by a Russian virus-writing group, which specialises in stealing bank login information.

Security firm iDefense said that Mebroot was discovered in October, but it was used in a series of attacks in early December.

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus. Mebroot cannot be removed while a computer is running. (ANI)

Technology Update: 
Regions: