Ramnit Worm is becoming a huge threat vector for the banking industry

by Alex Shoykhet 31. August 2011 14:17

The Ramnit worm is more dangerous than originally thought and is becoming a huge threat vector for the banking industry, according to the article “Ramnit worm variant now dangerous banking malware,” written by Robert Westervelt of Searchsecurity.com. The capabilities of the Ramnit worm are more serious than before because cybercriminals have transformed it into “financial-focused malware capable of draining bank accounts.” The Ramnit worm infects Microsoft Windows executable files, and it made it onto Microsoft’s Top 25 Infections list.

There are ways your company can reduce its exposure to the malicious Ramnit worm. One method is to limit user privileges on the computer by removing administrator rights. The worm infects executable files in order to remain undetectable. According to Microsoft, Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker. When run, it copies itself using a hard-coded name or, in some cases, to a random folder and file name, for example:

%ProgramFiles%\Microsoft\watermark.exe

%ProgramFiles%\Microsoft\desktoplayer.exe

%ProgramFiles%\blvvcvww\jonimvgn.exe

This means that if users have local admin rights, the probability of getting the virus is higher. However, if administrator rights are removed, permissions would be required to write to protected areas of Windows. For example, if an end user is working on the Windows 7 OS without admin rights and the process tries to copy files into the folder mentioned above, a UAC dialog box (if UAC is enabled) will prompt for an administrator password to perform the function. The removal of administrator rights from end users is very effective in this scenario. According to Microsoft, multiple steps should be taken to help prevent infection on your computer, including limiting user privileges on the computer.
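The following audit script is an added example, not part of the original post and not code from Microsoft or Viewfinity. It reports, for one workstation, whether the current session can write to %ProgramFiles%, who holds local administrator rights, and whether either of the hard-coded copy paths quoted above exists. It assumes Windows PowerShell 5.1 or later; the function names are illustrative.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 5.1+.
# The paths are the hard-coded copy locations quoted in the article; the
# randomly named folder/file variant cannot be matched by name and is skipped.
$knownCopies = 'Microsoft\watermark.exe', 'Microsoft\desktoplayer.exe' |
    ForEach-Object { Join-Path $env:ProgramFiles $_ }

function Test-ElevatedToken {
    # True only if the current token carries an enabled Administrators SID.
    # With UAC on, an administrator's unelevated session returns $false here,
    # so group membership is listed separately in the report.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-ProgramFilesWritable {
    # Tries to create and delete an empty probe file directly in %ProgramFiles%.
    $probe = Join-Path $env:ProgramFiles ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        $true
    } catch {
        $false   # access denied: the session cannot drop files here
    }
}

# Record any file found at a known copy path, with its hash for later triage.
$found = foreach ($path in $knownCopies) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
        [pscustomobject]@{ Path = $path; SHA256 = $hash.Hash }
    }
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    User                 = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    ElevatedToken        = Test-ElevatedToken
    ProgramFilesWritable = Test-ProgramFilesWritable
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    LocalAdministrators  = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object Name)
    KnownCopiesFound     = @($found)
}
```

Run it in the end user's normal, unelevated session: a standard user should show `ProgramFilesWritable` as `False` and should not appear in `LocalAdministrators`.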

View a recorded webcast from MVP Greg Shields on “Eliminating Admin Rights as Another Layer of Protection Against Malware” and learn about other use cases for the removal of administrator rights when it comes to reducing the threat of malware.


About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.
