Initially perhaps conceived as a prank targeting a small community of bikers in central Slovakian region, the worm Win32/Zimuse.A and Win32/Zimuse.B has achieved worldwide notoriety. It is a type of threat that overwrites MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user's computer inaccessible. Moreover, the restoration of the corrupted data is complicated, requiring specialized software or a provider.
Since the worm's inception, ESET has detected it on hundreds of computers of its users. Initially after the outbreak, only users in Slovakia were affected - accounting for over 90% of all infections. Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, followed with Italy, Czech Republic and other European countries.
The worm uses two ways to spread - either via embedding in legitimate websites, in the form of a self-unpacking ZIP file or as an IQ test program, or via Exchangeable media, such as USB devices. The fact that it relies on USB devices to propagate is responsible for its rapid dissemination, which is likely to increase even further.
To date, the worm's two variants - Win32/Zimuse.A and Win32/Zimuse.B differ in the method of spread and the timing of activation. While the A-variant needs 10 days to start spreading via USB devices, its B- variant needs only 7 days since infiltration. Moreover, the time needed for the execution of the destructive routine is shortened in the B-variant from the original 40 days to 20.
Moreover, if the right removal method is not used, the worm shifts to its destructive mode. This is similar to making the right choice on which wire to cut, and in what sequence in a bomb-defusing operation.
There is a widely held suspicion that the worm was intended to infect the computers of fans of a motorcycle club in the central Slovakian Liptov region, however, it has spread beyond this target group once it started attacking company networks. What's more, the infiltration was reminiscent of the well-known OneHalf threat in the worm's behavior, the country of origin (both originating in Slovakia), and the inflicted damage - causing the total paralysis of the system it attacks.
The infiltration does not posses a degree of sophistication that would encrypt the data on the disk, instead it was designed to corrupt the MBR (Master Boot Record) of physical disk drives. It emulates the old-time threats in that it is timed to go off - in this case in 40 days since the infiltration.
Users of ESET products - namely ESET NOD32 Antivirus and ESET Smart Security are protected against this threat. However, in order eliminate the potential of data loss as a result of its corruption by the worm, ESET recommends to its users to back up their important data.
ESET has also recently published Zimuse Removal Tool.
-Ends-
About ESET
Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. Thanks to its ThreatSense.Net® technology, ESET is able to collect data on a volunteer basis from users all around the world, which helps us react quickly to emerging threats. ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA and has an extensive partner network in 160 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte's Technology Fast 500 one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.
About ADAOX
ADAOX is the regional business development and support center for ESET's range of security products including the award-winning ESET NOD32 and ESET Smart Security. ADAOX, today, is a leading Value Added Distributor which provides IT Security Solutions and Services to customers across the Balkans and the Middle East regions. ADAOX enables customers protect, store and manage their valuable data; and works closely with its Channel Partners to empower them by extending technical expertise, support and training to develop their overall capabilities.
With offices in Cyprus, Greece and the United Arab Emirates, ADAOX specializes in value added distribution and support of IT Security Solutions in the areas of Malware Protection, Disaster Recovery, Web Filtering, Internet Bandwidth Optimization, Unified Threat Management, Antispam and Intrusion Detection & Prevention. ADAOX is committed to ensuring customer satisfaction by offering its partners and customers quick response to all their queries and the best prices in the market. For further information, please visit http://www.adaox.com
This press release has been sent to you by Nirmala D'souza, OAK Consulting, on behalf of ADAOX Middle East.
© Press Release 2010
