Nemesis stealth bootkit hijacks Windows' boot process
From Techreport (#WZBQ)
FireEye has uncovered a new piece of malware targeting financial institutions that it's calling Nemesis. This strain of malware is made by a group FireEye calls FIN1, and it's a particularly nasty bug. Once introduced to a system, Nemesis hooks into the Windows boot process while remaining next to undetectable from inside the OS. The FIN1 attackers can then exfiltrate nearly any piece of data from an infected system.
Nemesis accomplishes its nefarious task by replacing the disk's master boot record (MBR). The malware first installs its own custom file system in the free space between disk partitions, then hijacks the machine's MBR and redirects the boot process through its own code. When the infected machine boots up, it also fires up ...
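The two artifacts described above, a rewritten MBR and a custom file system parked in unpartitioned space, are both visible in the first sector of the disk. The following added example (not FireEye's analysis code or anything from Nemesis) parses an MBR, compares its bootstrap region against a known-good hash, and lists the gaps between partitions that an investigator would want to image and inspect; the disk layout, boot code and baseline hash are constructed.

```python
# Added example, not FireEye's or Nemesis's code: parse an MBR, hash its bootstrap
# region against a baseline, and list the unpartitioned gaps where a bootkit could
# hide its own file system. Disk layout, boot code and baseline are constructed.
import hashlib
import struct

ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, 0x55AA check and partitions sorted by LBA."""
    parts = []
    for i in range(4):
        status, ptype, start, size = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if ptype and size:  # type 0 or zero length means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype, "start": start, "sectors": size})
    return {"boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
            "signature_ok": mbr[510:512] == b"\x55\xaa",
            "partitions": sorted(parts, key=lambda p: p["start"])}

def unpartitioned_gaps(parts, disk_sectors):
    """Return (start, length) runs of sectors no partition covers; sector 0 is the MBR itself."""
    gaps, cursor = [], 1
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps

def check_mbr(mbr: bytes, disk_sectors: int, baseline_boot_hash: str) -> list:
    """Flag a changed bootstrap region, a bad signature, and every gap worth imaging for review."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("bootstrap code differs from baseline")
    for start, length in unpartitioned_gaps(info["partitions"], disk_sectors):
        findings.append(f"unpartitioned space at LBA {start} ({length} sectors)")
    return findings

# Constructed 2,000,000-sector disk: two NTFS partitions with a 202,752-sector hole between them.
DISK_SECTORS = 2_000_000
CLEAN_BOOT = b"\xeb\xfe" + bytes(438)  # stand-in for stock bootstrap code (440 bytes)
BASELINE = hashlib.sha256(CLEAN_BOOT).hexdigest()
TABLE = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800) + struct.pack(ENTRY, 0, 0x07, 409600, 1000000)
CLEAN_MBR = CLEAN_BOOT + bytes(6) + TABLE + bytes(32) + b"\x55\xaa"
TAMPERED_MBR = b"\xeb\xfe\x90\x90" + bytes(436) + CLEAN_MBR[440:]  # same table, new boot code
```

The ~1 MiB gap before the first partition is normal alignment slack on modern disks, so a baseline of expected gaps per image is what makes the extra inter-partition hole stand out.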