Bitcoin Forum
Author Topic: Windows Pre-Boot Malware Puts Financial Industry At Risk  (Read 233 times)
TheIrishman (OP)
December 07, 2015, 07:28:43 PM
 #1



Windows Pre-Boot Malware Puts Financial Industry At Risk

http://www.tomshardware.com/news/windows-nemesis-bootkit-financial-industry,30703.html

Security researchers from FireEye discovered Windows pre-boot malware (or bootkit) on the machines of a customer from the financial transactions market. FireEye believes the malware belongs to a financial crime group from Russia, called FIN1.

"We identified the presence of a financially motivated threat group that we track as FIN1, whose activity at the organisation dated back several years", FireEye reported. "The threat group deployed numerous malicious files and utilities, all of which were part of a malware ecosystem referred to as 'Nemesis' by the malware developer(s)."

A "bootkit" can infect lower-level system components, which makes identifying it quite difficult. It’s also highly persistent and will not be removed by re-installing the Windows operating system. The malware supports a wide array of backdoors and capabilities, which include file transfer, screen capture, keystroke logging, process injection, process manipulation, and task scheduling support.

Once a target computer is infected with the Nemesis malware, it can be further updated to include more hacking tools and functionality. In early 2015, the FIN1 group updated Nemesis to include a utility that modifies the Volume Boot Record (VBR) and hijacks the system boot process to begin loading malware components before Windows system code. FireEye called this utility BOOTRASH.

Source: Tom's Hardware
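
A defender-side check for the VBR modification described above, as an added example that is not part of the original post or of FireEye's report: it locates the active partition's Volume Boot Record in a raw disk image and compares its SHA-256 against a known-good baseline. It assumes an MBR-partitioned disk with 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # assumed sector size


def active_vbr_offset(mbr: bytes) -> int:
    """Return the byte offset of the active partition's VBR, read from the MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status = entry[0]                                # 0x80 = active/bootable
        lba_start = struct.unpack_from("<I", entry, 8)[0]
        if status == 0x80 and lba_start:
            return lba_start * SECTOR
    raise ValueError("no active partition")


def vbr_digest(image: bytes) -> str:
    """SHA-256 of the first VBR sector of the active partition."""
    off = active_vbr_offset(image[:SECTOR])
    vbr = image[off:off + SECTOR]
    if len(vbr) != SECTOR or vbr[510:512] != b"\x55\xaa":
        raise ValueError("VBR missing or lacks boot signature")
    return hashlib.sha256(vbr).hexdigest()


def check_vbr(image: bytes, baseline: str) -> bool:
    """True when the VBR still matches the recorded known-good digest."""
    return vbr_digest(image) == baseline


def build_sample_image(boot_code: bytes) -> bytes:
    """Constructed sample: MBR plus one active NTFS-typed partition at LBA 2."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2, 8)  # status, type, LBA, count
    mbr[510:512] = b"\x55\xaa"
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x52\x90"                  # jump instruction
    vbr[3:11] = b"NTFS    "                     # OEM ID
    vbr[84:84 + len(boot_code)] = boot_code     # stand-in for bootstrap code
    vbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR) + bytes(vbr) + bytes(7 * SECTOR)
```

Run the comparison against an image acquired offline (for example from a forensic boot medium), since code that loads before Windows can alter what a live system reads back from disk.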