Beware of Bank Account and Password Stealing Internet Virus “Win32 / Ramnit”

A message from Country's cyber security sleuths to alert the internet users about a malware family called “Win32 / Ramnit” which is spreading widely in Indian cyberspace. This virus “Win32 / Ramnit” very smartly steals bank account details and passwords once the user clicks his online bank accounts.

Computer Emergency Response Team-India (CERT-In) advisory said, “Win32 / Ramnit” worm spreads by infecting or changing files existing on target systems such as (.exe, .dll or html). The expert security advisory said, the malware steals credentials like file transfer protocol passwords, bank account logins, infects removable media, changes browser settings and downloads and executes arbitrary files". The virus is so deadly and potent that it hides itself from antivirus scanning and takes genuine system file names to escape antivirus screening.

The virus spreads very deadly and infects the removable media by copying itself to its recycle bin and creates autorun.inf file. As soon as the system is infected, the malware injects its code into windows executable, html files or dlls to communicate with its command and control server, thereby compromising the security of the online system.

The expert advisory advises to enable firewall at desktop and gateway level and disable ports which are not required. The best thing is to update the antivirus and anti-spyware of the desktop and other gateway level systems to protect from this deadly virus.