Bootkit targeting banks and payment card processors hard to detect and remove.

Malware targeting banks, payment card processors, and other financial services has found an effective way to remain largely undetected as it plucks sensitive card data out of computer memory. It hijacks the computer’s boot-up routine in a way that allows highly intrusive code to run even before the Windows operating system loads.

The so-called bootkit has been in operation since early this year and is part of “Nemesis,” a suite of malware that includes programs for transferring files, capturing screens logging keystrokes, injecting processes, and carrying out other malicious actions on an infected computer. Its ability to modify the legitimate volume boot record makes it possible for the Nemesis components to load before Windows starts. That makes the malware hard to detect and remove using traditional security approaches. Because the infection lives in such a low-level portion of a hard drive, it can also survive when the operating system is completely reinstalled.

Great read. In one of comments to the article it was noted that secure boot would mitigate this kind of an attack (win7 onward), but as note “That said, this attack is against a population with a penchant for running ancient, decrepit systems so they may be vulnerable for some time going forward. Inexcusable, really, but they’ll react only after losing enough money. ”

That made me laugh as it is not just the banks that short change Cyber Security, it is by in large the majority of businesses.