
Malware Trojan.Mebromi

(CPSC620) Sanjay Tibile, Vinay Deore

Presentation Transcript


  1. Malware Trojan.Mebromi (CPSC620)
     Sanjay Tibile, Vinay Deore

  2. Agenda
     - Computer Trojan
     - What is a rootkit
     - Different types of rootkit
     - Trojan Mebromi
     - Symptoms
     - How Mebromi attacks
     - How to remove
     - Summary

  3. What is a Trojan?
     - A Trojan is a program that may appear to be legitimate, but in fact does something malicious.
     - Destructive program: steals information or harms the system
     - Does not replicate

  4. Rootkit?
     - Software that allows continued privileged access to a computer system without the system user's knowledge.
     - Detection is difficult.
     - Types: User-mode, Kernel-mode, Bootkits, Hypervisor level, Hardware/Firmware

  5. Mebromi
     - Discovered on 6 Sept 2011
     - Trojan that infects BIOS and MBR
     - Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
     - Capability to edit the Windows Registry

  6. Symptoms
     - Constantly redirects your internet connection
     - Slow startup, shutdown, and web surfing
     - Homepage and desktop settings changed
     - Shuts down all antivirus programs
     - Annoying pop-ups
     - Corrupts your registry, leaving your computer totally unsafe

  7. BIOS and MBR
     - The BIOS software is built into the PC, and is the first code run by a PC when powered on.
     - The BIOS is responsible for booting the computer and managing communication between the machine and attached devices.
     - The Master Boot Record is a program that is initialized when the PC is started.

  8. How Mebromi Attacks
     - First malware which attacks BIOS
     - Trojan.Mebromi drops a tool under the Windows temporary directory to identify the BIOS status on the compromised PC.
     - It attacks systems with Award BIOS only.
     - If the BIOS is not Award BIOS, then it attacks the MBR only.

  9. Continued…
     - The Trojan then infects the following files, depending on the operating system:
       - %System%\winlogon.exe (if the operating system is Windows XP or 2003)
       - %System%\winnt.exe (if the operating system is Win2000)
     - The MBR gets reloaded by the BIOS at the next system startup.
     - If the BIOS itself is infected, then the malicious MBR is loaded every time.

  10. Prevention
     - Keep all programs updated, patch the vulnerabilities
     - Download from authorized websites
     - Activate real-time and automatic scanning
     - Do not open files such as vbs, bat, exe. These files are often used to spread trojans.

  11. Removal
     - Auto-removal
       - System Restore
     - Manual removal
       - Update antivirus definitions
       - Reboot Windows in safe mode
       - Run a full system scan and delete infected files
       - Restart Windows

  12. Summary
     - We have seen what rootkits and Trojan.Mebromi are, how they work, how they can be detected and removed, and the prevention mechanisms.


  14. Questions?
     Contact: stibile@clemson.edu, vdeore@clemson.edu
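
Added example (not part of the original presentation): slides 7 to 9 describe the MBR being replaced and then reloaded at every start-up, so a defender's basic check is to compare the MBR boot code against a known-good baseline. The sketch below assumes the common layout of 440 bytes of boot code, a partition table at offset 446 and the 0x55AA signature at offset 510; the sample sectors and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area (assumed common MBR layout)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes at offsets 510-511

def boot_code_hash(sector):
    """SHA-256 of the boot code only, so partition changes do not alter the hash."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(sector, baseline_hash):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    active = 0
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if status == 0x80 and ptype != 0:
            active += 1
    if active > 1:
        findings.append("more than one active partition")
    return findings

def make_sample_mbr(boot_code):
    """Build a constructed sector: boot code, one active NTFS entry, signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # status, CHS start, type 0x07, CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)

# Constructed sample data: a "known-good" sector and one with altered boot code.
CLEAN = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 100)
TAMPERED = make_sample_mbr(b"\xe9\x00\x01" + b"\x90" * 102)
BASELINE = boot_code_hash(CLEAN)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN, BASELINE))
    print("tampered:", check_mbr(TAMPERED, BASELINE))
```

For a real check, read the sector from trusted boot media rather than from the running system, since a rootkit can hide the modified sector from software on the infected machine. As slide 9 notes, a clean MBR does not stay clean if the BIOS itself is infected.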
