Source: https://www.thesecuritybuddy.com/malware-prevention/what-is-nemesis-bootkit/
Since early 2015, a new piece of malware has been targeting banks, payment card processors and other financial services, stealing sensitive information from them. It infects a computer and plucks sensitive data out of the computer's memory. It is called Nemesis Bootkit.
Nemesis Bootkit is part of the Nemesis malware suite, which includes programs for transferring files, capturing screens, logging keystrokes, injecting into processes and performing other malicious activities.
What makes Nemesis Bootkit much more harmful than most other malware is that it changes the Master Boot Record and can survive a re-installation of the Operating System. It is much harder to detect and, once detected, much harder to remove.
How does Nemesis Bootkit infect a computer?
On Windows systems, the MBR, or Master Boot Record, stores information about the disk, including the number and layout of partitions. The MBR is critical to the boot process. It holds a small amount of code which searches for the primary active partition and transfers control to the Volume Boot Record, or VBR, of that partition.
The VBR resides in the first sector of each individual partition. It contains a small piece of machine code specific to the Operating System and instructs the Operating System to begin its boot process.
Nemesis Bootkit hijacks the boot process of the computer. It first uses a multi-step process to create a custom virtual file system and stores the Nemesis components in the unallocated space between the partitions.

It then replaces the VBR code with its own malicious code, so that it can intercept certain boot process functions and inject the Nemesis components into the Windows kernel.

Once it has infected a computer, it starts its malicious activities to steal sensitive data from the targeted banks, payment card processors or other financial services.
Countermeasures against Nemesis Bootkit
As discussed earlier, Nemesis Bootkit is much harder to detect and remove. Because of the way it infects a computer, a simple re-installation cannot get rid of it completely.

There is a valid solution to remove it, though its practicality is questionable: if someone wipes the disks completely and then re-installs the Operating System, the malware is removed.

Please note that Nemesis Bootkit does not install itself on computers that use GUID partitions, which were introduced as part of the Extensible Firmware Interface initiative and are an alternative to the old Master Boot Record. So, use of this newer technology can also help protect financial services from this threat.
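As an added example (not code from the original article), the checks below parse a raw MBR the way the boot process sees it: they list the partition table, flag a GPT protective MBR (partition type 0xEE, the layout the article says Nemesis skips), compute the unallocated sector ranges between partitions where Nemesis hides its virtual file system, and compare a captured MBR or VBR against a hash recorded on a known-clean system. The sample MBR is constructed inline; on a real machine the sectors would be read from the raw disk device with administrative rights.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(mbr: bytes):
    """Split a raw 512-byte MBR into its boot code and its non-empty partition entries."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) start LBA(4) sector count(4)
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:
            parts.append({"active": status == 0x80, "type": ptype,
                          "start_lba": start, "sectors": count})
    return mbr[:446], parts

def is_protective_gpt(parts):
    """Type 0xEE is the protective MBR of a GPT disk, the layout the article says Nemesis skips."""
    return any(p["type"] == 0xEE for p in parts)

def unallocated_gaps(parts, total_sectors):
    """Sector ranges after the MBR that belong to no partition: the space Nemesis uses."""
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start_lba"]):
        if p["start_lba"] > cursor:
            gaps.append((cursor, p["start_lba"] - 1))
        cursor = max(cursor, p["start_lba"] + p["sectors"])
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps

def baseline_hash(sector: bytes) -> str:
    """Hash of a boot sector (MBR or VBR) recorded from a known-clean system."""
    return hashlib.sha256(sector).hexdigest()

def boot_sector_changed(sector: bytes, baseline: str) -> bool:
    """True if a freshly captured MBR/VBR no longer matches the recorded baseline."""
    return baseline_hash(sector) != baseline

def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk image: one active NTFS-type partition at LBA 2048."""
    code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (446 - 5)   # stand-in for real boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"
```

Any non-empty gap reported by unallocated_gaps is worth imaging and inspecting, and a baseline mismatch on the MBR or a partition's VBR is the point at which a forensic investigation should start.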
This was an introductory article to give you some information about Nemesis Bootkit. Hope it helped.