
'Nemesis' malware is almost impossible to spot and just as hard to get rid of

Throughout human history, warfare has been a back and forth of offense and defense. Dirt and wood forts gave way to increasingly large and complex stone castles as siege engines progressed from fire arrows and simple battering rams to massive stone-throwing trebuchets. When cannons arrived, castles became nearly obsolete and the name of the game was range and mobility.

The same kind of thing goes on in the world of computer viruses. Hackers are on the attack and security companies are on the defense. Hackers are continually finding new and ingenious ways to attack electronic systems, and it's up to software companies and security experts to create good defenses. Recently, though, hackers came up with a major offensive weapon. At the moment, there's no good defense.

The weapon has been dubbed "Bootrash" and it's now part of the Nemesis malware suite. Nemesis is a package of attacks that anyone can buy and use, so even novice hackers can have some serious firepower.

Typically, Nemesis has been used in stealing financial data and was aimed at financial institutions. However, the addition of Bootrash opens it up to more general attacks, and the worst part is that it's almost impossible to detect.

Bootrash is what's known as a "bootkit." When it installs, it overwrites your computer's master boot record. The MBR is a small section of the hard drive that the computer reads at startup; its job is to load Windows, or whatever other operating system or systems you have installed.

In other words, Bootrash runs before Windows starts, at a point when no security software is running yet. That means it can tell Windows to ignore the rest of the Nemesis malware while that malware sits there collecting your usernames, passwords and other account information.

Because Bootrash operates outside of Windows, it's almost impossible for security software running within Windows to detect. The only way to find it is to scan the entire hard drive bit by bit, which on terabyte drives takes a long time, and most security software doesn't do this. Even if the malware is discovered, getting rid of it requires wiping the entire hard drive and starting over.

In theory, you could just restore the master boot record from a clean backup to wipe out Bootrash. However, if any of the Nemesis malware is still lurking on the hard drive, it will simply reinstall the bootkit. Bootrash even has a built-in uninstall option that makes it look as though it has been removed while leaving the rest of the Nemesis suite intact.
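The two paragraphs above describe the MBR as a small block at the start of the disk and suggest restoring it from a clean backup. As an added example (not code from the original article, and not part of any product mentioned in it), the script below shows the defender-side half of that idea: it parses a 512-byte MBR image (446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature), records a SHA-256 baseline of the boot code when the machine is known to be clean, and later reports whether that region still matches. The sample MBR it works on is constructed inline, not taken from a real disk; a real check would read sector 0 from the raw device instead.

```python
"""Baseline-and-compare check for a Master Boot Record (MBR).

Added example, not code from the original article. Sector 0 layout assumed:
  bytes 0..445   boot code
  bytes 446..509 four 16-byte partition table entries
  bytes 510..511 boot signature 0x55 0xAA
The sample MBR below is constructed for the example, not captured from a disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR with one bootable NTFS-type (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # remaining slots empty
    return code + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and return the boot-code hash plus partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_code(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot-code region still matches the clean baseline."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


if __name__ == "__main__":
    clean = build_sample_mbr(b"CLEAN-BOOT-CODE")          # constructed
    baseline = parse_mbr(clean)["boot_code_sha256"]      # record when known clean
    later = build_sample_mbr(b"OTHER-BOOT-CODE")         # constructed: changed sector
    for label, sector in (("clean", clean), ("changed", later)):
        status = "matches baseline" if check_boot_code(sector, baseline) else "DIFFERS"
        print(f"{label}: boot code {status}; partitions={parse_mbr(sector)['partitions']}")
```

To use this against a real machine you would read the first 512 bytes of the physical drive (for example `\\.\PhysicalDrive0` on Windows, opened with administrator rights) rather than calling `build_sample_mbr`, and you would take the baseline from a trusted offline boot, since a check run from inside an already compromised Windows can be lied to in exactly the way the article describes. Only the boot-code region is hashed because the partition table can change legitimately; it is parsed separately so it can be reviewed on its own. As the article notes, a mismatch tells you the sector changed, not that restoring it alone will keep it clean.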

In other words, it's a serious problem. However, there is some good news to go along with this.

The good news is that Nemesis gets installed the same way as any other malware or virus: you have to download and run an infected file. That means that with a little care you can keep it from installing in the first place.

Your first step is to avoid downloading unsolicited or suspicious email attachments. You should also avoid clicking malicious links in unsolicited emails. Learn how to spot a phishing email that's trying to trick you.

Some viruses can download to your computer just from visiting an infected website. These "drive-by downloads" rely on security flaws in your browser or browser plug-ins to work. Make sure your browser is up to date, and that you've updated or disabled any problematic plug-ins.

Finally, you need to have strong security software installed. This can often catch an infected file as it's running and block it. Even if your security software doesn't catch Nemesis, there are millions of other threats that are constantly attacking your computer that it can protect you against. See what software we recommend in our Security Center.

Whether or not Nemesis ever tries to infect your system, these are good guidelines to follow in general to keep malware off of your system. You can also be sure that security companies are working to create detection systems, so hopefully hackers will soon need to come up with another strategy.
