Bank details stealing Ramnit malware hits Indian cyberspace

Country's cyber security sleuths have alerted Internet users in the country about the new and suspected variant of malware family called 'Win32/Ramnit'.

"Ramnit worm spreads by infecting or modifying files existing on target systems such as (EXE, dll or html) and creating a new section so as to modify the entry point to that section," an advisory issued by country's premier cyber security agency Computer Emergency Response Team-India (CERT-In) said.

The malware, the advisory states, "steals credentials like file transfer protocol passwords, bank account logins, infects removable media, changes browser settings and downloads and executes arbitrary files".

The virus is so deadly and potent, cyber sleuths say, that it has ability to hide itself from anti-virus solutions and acquires various aliases to attack a genuine system or Internet-based connection which works to play emails and other user services.

The virus is such lethal in its operations that it "infects the removable media by copying itself to its recycle bin and creates an autorun.inf file," the advisory said.

Once the system is infected, the malware injects its code into windows executables, html files or dlls to communicate with its command and control server, thereby compromising the security of the online system.

The agency has also advised some counter measures in this regard.

The combat steps against this virus stipulate that users should not download and open attachments in emails received from untrusted users or unexpectedly received from trusted users, one should exercise caution while visiting links to web pages and users should not visit untrusted websites.

"Enable firewall at desktop and gateway level and disable ports that are not required, avoid downloading pirated software, keep up-to-date patches and fixes on the operating system and application softwares and keep up-to-date anti- virus and anti-spyware signatures at desktop and gateway level," the advisory stated.