The Ramnit worm is more dangerous than originally thought and is becoming a huge threat vector for the banking industry, according to the article “Ramnit worm variant now dangerous banking malware,” written by Robert Westervelt of Searchsecurity.com. The capabilities of the Ramnit worm are more serious than before because cybercriminals have transformed it into “financial-focused malware capable of draining bank accounts.” The Ramnit worm infects Microsoft Windows executable files, and it made it to Microsoft’s Top 25 Infections list.
There are ways your company can reduce its exposure to the malicious Ramnit worm. One method is to limit user privileges on the computer by removing administrator rights. The worm infects executable files in order to remain undetectable. According to Microsoft, Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker. When run, it copies itself using a hard-coded name or in some cases to a random folder and file name, for example:
What this means is that if users have local admin rights, the probability of getting the virus is higher. However, if administrator rights are removed, permissions would be required to write to protected areas of Windows. For example, if an end user is working on the Windows 7 OS without admin rights, and the process tries to copy files in the mentioned folder, a UAC (if enabled) dialog box will prompt for an administrator password to perform the function. The removal of administrator rights from end users is very effective in this scenario. According to Microsoft, multiple steps should be taken to help prevent infection on your computer, including limiting user privileges on the computer.
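To see where a given Windows machine stands against the mitigation described above, the following PowerShell audit (an added example, not from the original article or from Microsoft) reports whether UAC is enabled, whether the current process is running elevated, and which members of the local Administrators group are not on an allow-list. It assumes Windows PowerShell 5.1 or later; the `$Approved` list, the `CONTOSO` domain and the function names are hypothetical.

```powershell
# Added example: audit local admin rights and UAC state on one Windows host.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
# $Approved is a hypothetical allow-list; CONTOSO is a constructed domain name.
$Approved = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins')

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on; a missing value is reported as off here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($val -eq 1)
}

function Test-CurrentProcessElevated {
    # True only when the current token carries the Administrators group
    # as an enabled group, i.e. the process is running elevated.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UnapprovedLocalAdmin {
    param([string[]]$AllowList)
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators,
    # so the lookup works regardless of the OS display language.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        return
    }
    # -notcontains compares case-insensitively; Name is DOMAIN\account.
    $members | Where-Object { $AllowList -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

$unapproved = @(Get-UnapprovedLocalAdmin -AllowList $Approved)

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    UacEnabled             = Test-UacEnabled
    CurrentProcessElevated = Test-CurrentProcessElevated
    UnapprovedAdminCount   = $unapproved.Count
    UnapprovedAdmins       = ($unapproved | ForEach-Object { $_.Name }) -join '; '
}
```

Any account listed under `UnapprovedAdmins` is a candidate for removal from the local Administrators group, and a host reporting `UacEnabled` as false will not show the elevation prompt the article relies on.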
View a recorded webcast from MVP Greg Shields on “Eliminating Admin Rights as Another Layer of Protection Against Malware,” and learn about other use cases related to the removal of administrator rights when it comes to reducing the threat of malware.