Ramnit Malware Evolves to Disable Security Components and Infect Over 500,000 Computers

Posted: February 27, 2015

Just like the pendulums of time, malware is a perpetual entity that proves to be a serious nuisance not only for computer security experts but for millions of computer users around the world. One particular malware threat, known as Ramnit, reemphasizes how intrusive and disruptive malware has become. The latest information uncovered by researchers on Ramnit shows that the worm infection is targeting financial institutions and is now able to turn off built-in Windows security features and disable other security applications.

The Ramnit malware threat has long been described as a computer worm infection, first introduced into the wild in 2010. At that time, Ramnit would infect popular file types including EXE, DLL, SCR and HTML files. Since then, the Ramnit worm has evolved at the hands of cybercrooks to target banks, much like well-known banking threats such as Zeus.

Ramnit is now operating much like a botnet and has built up a base of nearly 350,000 infected computers, according to data collected by Symantec. What is even more alarming about these infected systems is that over half of them were infected within the last six months. Given how clearly Ramnit is ramping up its efforts to infect hundreds of thousands of computers, such an infection should be placed on high alert.

Getting down to the brass tacks of what Ramnit may be attempting to accomplish in its latest efforts, we have found that there is another version of Ramnit that may be responsible for infecting 500,000 or more computers. This particular version, now being dubbed a Redmond-based variant, may have the ability to disable Windows Firewall, Windows Defender antivirus, User Account Control and the Windows Update mechanism. Additionally, Ramnit may target over 300 other antivirus products, which it could also disable.
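A defender-side check for the behaviour described above, as an added example that is not from the original article or from the researchers it cites: a read-only PowerShell audit of the four built-in Windows protections named here. The service names (MpsSvc, WinDefend, wuauserv) and the EnableLUA registry value are standard Windows identifiers that the article does not give; Windows 8 or later with PowerShell 5.1, run elevated, is assumed.

```powershell
# Added example: read-only audit of the four built-in protections named in the article.
# Assumes Windows 8 / Server 2012 or later with PowerShell 5.1, run elevated.

function New-Finding($Component, $Check, $Value, $Healthy) {
    [pscustomobject]@{ Component = $Component; Check = $Check; Value = "$Value"; Healthy = [bool]$Healthy }
}

function Test-Service($Component, $Name, [switch]$MustRun) {
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { return New-Finding $Component "service $Name" 'missing' $false }
    # A Disabled start type is the persistent form of "turned off". A demand-start
    # service such as wuauserv is normally stopped between runs, so Stopped is only
    # flagged for services expected to run continuously.
    $ok = ($svc.StartType -ne 'Disabled') -and (-not $MustRun -or $svc.Status -eq 'Running')
    New-Finding $Component "service $Name" "$($svc.Status), start=$($svc.StartType)" $ok
}

$findings = @(
    Test-Service 'Windows Firewall' 'MpsSvc' -MustRun
    Test-Service 'Windows Defender' 'WinDefend' -MustRun
    Test-Service 'Windows Update' 'wuauserv'

    # Each firewall profile (Domain, Private, Public) can be switched off separately.
    foreach ($p in Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
        New-Finding 'Windows Firewall' "profile $($p.Name)" $p.Enabled ("$($p.Enabled)" -eq 'True')
    }

    # Defender real-time protection can be off while the service still runs.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        New-Finding 'Windows Defender' 'real-time protection' $mp.RealTimeProtectionEnabled $mp.RealTimeProtectionEnabled
    }

    # UAC is controlled by the EnableLUA value; 0 means UAC is off.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    New-Finding 'User Account Control' 'EnableLUA' $lua ($lua -eq 1)
)

$findings | Format-Table -AutoSize
$bad = @($findings | Where-Object { -not $_.Healthy })
if ($bad.Count) { Write-Warning "$($bad.Count) protection check(s) failed; investigate the host before re-enabling." }
```

Windows Defender is legitimately inactive on machines where a third-party antivirus product is registered, so a failed Defender check is a triage signal rather than proof of infection.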

Acting as a botnet threat, Ramnit's command and control servers are believed to send instructions and updates to infected systems so the threat can detect any antivirus solutions and then find a method of disabling them. This puts Ramnit in a position to run amok without any roadblocks while it carries out its malicious actions on hundreds of thousands of infected computers around the world.

Investigating additional details about the latest version of Ramnit, Microsoft researchers found that the malware threat relies on two command and control servers. One is said to be contacted through a DGA (domain generation algorithm) to deliver different components and updates, while the other handles the configuration file for injecting code to steal online banking credentials.

If there ever was a question of how advanced malware may become, now may be a good time to reconsider those doubts. Ramnit is proof of how sophisticated malware has become and of what is on the horizon. We may continue to see the Ramnit threat evolve to unprecedented levels of sophistication. Until then, we must be vigilant about arming ourselves with the latest antivirus and antispyware solutions to help combat such an aggressive and devious threat.