26 Jan 2010 Press Release
 

Computers Worldwide Targeted by an MBR Worm


Perhaps initially conceived as a prank targeting a small community of bikers in the central Slovakian region, the worm, in its variants Win32/Zimuse.A and Win32/Zimuse.B, has achieved worldwide notoriety. It is a type of threat that overwrites the MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user's computer inaccessible. Moreover, restoring the corrupted data is complicated, requiring specialized software or a provider.

Since the worm's inception, ESET has detected it on hundreds of its users' computers. Immediately after the outbreak, only users in Slovakia were affected, accounting for over 90% of all infections. Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, and then by Italy, the Czech Republic and other European countries.

The worm spreads in two ways: either embedded in legitimate websites, in the form of a self-unpacking ZIP file or an IQ test program, or via removable media such as USB devices. Its reliance on USB devices to propagate is responsible for its rapid dissemination, which is likely to increase even further.

To date, the worm's two variants, Win32/Zimuse.A and Win32/Zimuse.B, differ in the method of spread and the timing of activation. While the A-variant needs 10 days to start spreading via USB devices, the B-variant needs only 7 days after infiltration. Moreover, the time before the destructive routine executes is shortened in the B-variant from the original 40 days to 20.

Moreover, if the right removal method is not used, the worm shifts to its destructive mode. This is similar to choosing which wires to cut, and in what sequence, in a bomb-defusing operation.

There is a widely held suspicion that the worm was intended to infect the computers of fans of a motorcycle club in the central Slovakian Liptov region. However, it spread beyond this target group once it started attacking company networks. What's more, the infiltration is reminiscent of the well-known OneHalf threat in its behavior, its country of origin (both originated in Slovakia), and the damage inflicted: the total paralysis of the system it attacks.

The infiltration does not possess the degree of sophistication needed to encrypt the data on the disk; instead, it was designed to corrupt the MBR (Master Boot Record) of physical disk drives. It emulates old-time threats in that it is timed to go off, in this case 40 days after the infiltration.

Users of ESET products, namely ESET NOD32 Antivirus and ESET Smart Security, are protected against this threat. However, in order to eliminate the potential for data loss as a result of corruption by the worm, ESET recommends that its users back up their important data.

ESET has also recently published a Zimuse Removal Tool.

-Ends-

About ESET
Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. Thanks to its ThreatSense.Net® technology, ESET is able to collect data on a volunteer basis from users all around the world, which helps it react quickly to emerging threats. ESET has offices in Bratislava, SK; Buenos Aires, AR; and San Diego, USA, and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named by Deloitte's Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

About ADAOX
ADAOX is the regional business development and support center for ESET's range of security products, including the award-winning ESET NOD32 and ESET Smart Security. Today, ADAOX is a leading Value Added Distributor that provides IT Security Solutions and Services to customers across the Balkans and the Middle East regions. ADAOX enables customers to protect, store and manage their valuable data, and works closely with its Channel Partners to empower them by extending technical expertise, support and training to develop their overall capabilities.

With offices in Cyprus, Greece and the United Arab Emirates, ADAOX specializes in value added distribution and support of IT Security Solutions in the areas of Malware Protection, Disaster Recovery, Web Filtering, Internet Bandwidth Optimization, Unified Threat Management, Antispam and Intrusion Detection & Prevention. ADAOX is committed to ensuring customer satisfaction by offering its partners and customers quick response to all their queries and the best prices in the market. For further information, please visit http://www.adaox.com

This press release has been sent to you by Nirmala D'souza, OAK Consulting, on behalf of ADAOX Middle East.

© Press Release 2010

from OAK Consulting

Community Comments (1)

 
Get anti virus here... by Mohd Afzal - 26-Jan-10
And you can get anti virus program here;
www.AntiVirus.ae

Mohd Afzal.
 