Quote:
Originally Posted by Mountainman1863
This is a bad one, very recently reported, and for which there are no easy removal techniques yet, unless you believe reformatting your drive isn't too bad. It rests in the MBR (master boot record) of your boot drive until it is called upon by your 'securely' connecting with one of the programmed financial sites. Then it installs false text blocks requesting sensitive info, and once you've entered that (it's your bank, your account, and the yellow lock shows, right?), guess who it sends that data to? Not to your account. Further, it morphs into new signatures, I believe, possibly automatically or on interrogation by the perpetrators. Reportedly only a few antivirus programs can detect it and none can remove it. I got all this info from several sites reporting it last night.
I'd suppose many organizations are working on detection and removal techniques. Anyone here have some insight into what can be done now?
There are hundreds of types of trojans like that out there, and newer ones being released.
And btw, it's not the trojan itself that remains undetectable, but the techniques attackers use to bypass personal security, like packers, crypters, or polymorphic engines.
Packers and crypters can encrypt servers to keep them from being detected. Polys can make trojans stealthy and keep them undetected longer by constantly encrypting code and functions.
Recommendation: a good firewall? But... firewalls can be easily bypassed by process injection techniques (like DLL injection), fooling the FW into thinking the application is safe to run.
The truth is no security is safe nowadays. Not even virtual VM workstations or emulators. They can be bypassed. A lot of packers have anti-sandbox functions nowadays, and there are many vulnerabilities to bypass other emulators as well.
Best level of security is common sense.