FBI warns “Beta Bot” malware can kill your anti-virus programs, steal data

Beta Bot targets financial institutions, e-commerce sites, online payment platforms to steal data, financial information

The FBI sent out a warning today about an uptick in the use of malware known as Beta Bot that can steal sensitive data such as log-in credentials and financial information.

The FBI says Beta Bot blocks computer users' access to security websites and disables anti-virus programs, leaving computers vulnerable to compromise. Cyber criminals are aiming Beta Bot at financial institutions, e-commerce sites, online payment platforms, and social networking.


From the FBI: "Beta Bot infection vectors include an illegitimate but official looking Microsoft Windows message box named "User Account Control" that requests a user's permission to allow the "Windows Command Processor" to modify the user's computer settings. If the user complies with the request, the hackers are able to infiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites.

Although Beta Bot masquerades as the "User Account Control" message box, it is also able to perform modifications to a user's computer. If the above pop-up message or a similar prompt appears on your computer and you did not request it or are not making modifications to your system's configuration, do not authorize "Windows Command Processor" to make any changes."

The FBI recommends running a full system scan with up-to-date anti-virus software on the infected computer. If Beta Bot blocks access to security sites, download the latest anti-virus updates or a whole new anti-virus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently re-format the USB drive to remove any traces of the malware, the FBI stated.

RSA's Limor Kessem, Cybercrime and Online Fraud Communications Specialist, wrote about Beta Bot in May saying: "It appears that a much anticipated event has finally transpired in the cybercrime arena, with the release and active sale of a new commercially-available Trojan family that has begun around January this year, circulating under the name Beta Bot. RSA researchers have recently come across samples of this user-mode rootkit, analyzing its behind-the-scenes infrastructure. Beta Bot actually started out as an HTTP bot and not a banking Trojan, but it has since evolved, donned a trigger list, and was repurposed for financial fraud that includes targets such as banks, ecommerce and even Bitcoin wallets.

According to research performed by RSA it was inferred that Beta Bot (alias: Troj/Neurevt-A) is not the creation of an amateur. The malware is a persistent Ring-3 rootkit with layers of anti-security protection (such as not executing within virtual machines, thus avoiding sandboxes), AV-disabling features, and even a DNS redirecting scheme to isolate bots from security-themed online resources, including RSA's official website."
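
One way to check for the DNS isolation RSA describes, as an added example (not from the FBI, RSA or the original article): compare the answers a suspect machine gets for security-vendor domains with those from a known-clean resolver. The function name, the placeholder `.example` domains and the documentation-range addresses are constructed for illustration, and because the article does not say how Beta Bot implements its redirection, the heuristics are assumptions.

```python
import ipaddress
from collections import defaultdict

def find_isolated_domains(host_answers, trusted_answers, min_shared=2):
    """Compare answers seen on the suspect host with a trusted resolver's.

    Both arguments map domain -> list of IP strings (empty list = no answer).
    Returns {domain: reason} for security domains that look redirected.
    """
    findings = {}
    shared = defaultdict(set)  # unexpected IP -> domains pointing at it
    for domain, ips in host_answers.items():
        trusted = set(trusted_answers.get(domain, []))
        if not ips and trusted:
            findings[domain] = "no answer on host, resolves elsewhere"
            continue
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.is_loopback or addr.is_unspecified:
                findings[domain] = f"sinkholed to {ip}"
            elif ip not in trusted:
                shared[ip].add(domain)
    # A differing IP alone is normal (CDNs, geo-DNS); several unrelated
    # security domains landing on one unexpected IP is not.
    for ip, domains in shared.items():
        if len(domains) >= min_shared:
            for domain in domains:
                findings.setdefault(domain, f"shares unexpected {ip}")
    return findings

# Constructed sample data: placeholder domains and documentation addresses.
HOST = {
    "av-vendor.example": ["127.0.0.1"],
    "updates.av-vendor.example": [],
    "scanner.example": ["203.0.113.66"],
    "threat-blog.example": ["203.0.113.66"],
    "news.example": ["198.51.100.7"],
}
TRUSTED = {
    "av-vendor.example": ["192.0.2.10"],
    "updates.av-vendor.example": ["192.0.2.11"],
    "scanner.example": ["192.0.2.20"],
    "threat-blog.example": ["192.0.2.30"],
    "news.example": ["198.51.100.8"],
}

if __name__ == "__main__":
    for domain, reason in sorted(find_isolated_domains(HOST, TRUSTED).items()):
        print(f"{domain}: {reason}")
```

Because the malware is described as a user-mode rootkit, answers gathered on the suspect machine should be compared on a separate clean system, in line with the FBI's advice to fetch anti-virus updates from an uninfected computer.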

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook


Copyright © 2013 IDG Communications, Inc.
