Computers Worldwide Targeted by a MBR Worm


Post by Ryo.Yashimura on Fri Jan 22, 2010 10:11 pm

Bratislava, January 22, 2010

Computers Worldwide Targeted by a MBR Worm

Initially perhaps conceived as a prank targeting a small community of bikers in a central Slovakian region, the worm Win32/Zimuse.A and Win32/Zimuse.B has achieved worldwide notoriety. It is a type of threat that overwrites the MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user’s computer inaccessible. Moreover, the restoration of the corrupted data is complicated, requiring specialized software or a provider.

Since the worm’s inception, ESET has detected it on hundreds of computers of its users. Initially after the outbreak, only users in Slovakia were affected – accounting for over 90% of all infections. Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, followed by Italy, Czech Republic and other European countries.



The worm uses two ways to spread – either via embedding in legitimate websites, in the form of a self-unpacking ZIP file or as an IQ test program, or via exchangeable media, such as USB devices. The fact that it relies on USB devices to propagate is responsible for its rapid dissemination, which is likely to increase even further.



To date, the worm’s two variants, Win32/Zimuse.A and Win32/Zimuse.B, differ in the method of spread and the timing of activation. While the A-variant needs 10 days to start spreading via USB devices, its B-variant needs only 7 days since infiltration. Moreover, the time needed for the execution of the destructive routine is shortened in the B-variant from the original 40 days to 20.

Moreover, if the right removal method is not used, the worm shifts to its destructive mode. This is similar to making the right choice on which wire to cut, and in what sequence in a bomb-defusing operation.


There is a widely held suspicion that the worm was intended to infect the computers of fans of a motorcycle club in the central Slovakian Liptov region; however, it has spread beyond this target group once it started attacking company networks. What’s more, the infiltration was reminiscent of the well-known OneHalf threat in the worm’s behavior, the country of origin (both originating in Slovakia), and the inflicted damage – causing the total paralysis of the system it attacks.

The infiltration does not possess a degree of sophistication that would encrypt the data on the disk; instead it was designed to corrupt the MBR (Master Boot Record) of physical disk drives. It emulates the old-time threats in that it is timed to go off – in this case in 40 days since the infiltration.

Users of ESET products – namely ESET NOD32 Antivirus and ESET Smart Security – are protected against this threat. However, in order to eliminate the potential of data loss as a result of its corruption by the worm, ESET recommends that its users back up their important data.


ESET has also recently published a Zimuse Removal Tool.

About ESET
Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. Thanks to its ThreatSense.Net® technology, ESET is able to collect data on a volunteer basis from users all around the world, which helps us react quickly to emerging threats. ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.


Re: Computers Worldwide Targeted by a MBR Worm

Post by Ryo.Yashimura on Fri Jan 22, 2010 10:12 pm

Trust in ESET~~~

Whoever wants to use this AV.. please contact me~~~ ahahhaha...

^^


Re: Computers Worldwide Targeted by a MBR Worm

Post by kubuntu on Fri Jan 22, 2010 11:09 pm


