Malware Alert!! Win32.Worm.Zimuse.A - The Hard Disk Wrecker



This is a must-read article from BitDefender Malware City Blog about a new nasty e-threat posted on January 25th 2010. Here it goes:

BitDefender has identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. Two variants are known to this day.

Called Win32.Worm.Zimuse.A, this malicious piece is extremely dangerous. Unlike average worms, it leads to severe data loss, as it overwrites the first 50 KB of the Master Boot Record, a key zone of the hard disk drive.

Win32.Worm.Zimuse.A enters the computer disguised as an apparently harmless 'IQ Test'. Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

In order to execute itself on each Windows boot-up, the worm sets the following registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Dump"="%programfiles%\Dump\Dump.exe"
It also creates two driver files, namely %system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys.
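The registry entry and the two driver files above are the artifacts a defender can check for on a Windows host. The PowerShell script below is an added example, not code from BitDefender or from the original post: it looks for the "Dump" Run value (and any Run value pointing at Dump\Dump.exe), tests for the dropped files on disk, and asks WMI whether drivers with those file names are loaded. It assumes %system% expands to %SystemRoot%\System32, and the function name Test-ZimuseArtifacts is the author's own choice; a hit is an indicator to follow up with a full antimalware scan, not proof on its own.

```powershell
# Added example (not BitDefender's or the blog's code): hunt for the Zimuse
# persistence artifacts named in the write-up. Run from an elevated prompt.
function Test-ZimuseArtifacts {
    [CmdletBinding()]
    param()

    $findings = @()
    $runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

    # Paths from the article. %programfiles% and %system% are expanded through
    # environment variables; %system% -> System32 is an assumption.
    $suspectFiles = @(
        (Join-Path $env:ProgramFiles 'Dump\Dump.exe'),
        (Join-Path $env:SystemRoot   'System32\drivers\Mstart.sys'),
        (Join-Path $env:SystemRoot   'System32\drivers\Mseu.sys')
    )

    # 1. Run key: the value named "Dump", plus any value whose data points at
    #    Dump\Dump.exe under some other name.
    $runValues = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($runValues) {
        foreach ($prop in $runValues.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PowerShell metadata
            if ($prop.Name -eq 'Dump' -or
                ($prop.Value -is [string] -and $prop.Value -match '\\Dump\\Dump\.exe')) {
                $findings += "Run value '$($prop.Name)' = $($prop.Value)"
            }
        }
    }

    # 2. Dropped files on disk, with size and timestamp for the incident record.
    foreach ($path in $suspectFiles) {
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path
            $findings += "File present: $path ($($item.Length) bytes, modified $($item.LastWriteTime))"
        }
    }

    # 3. Loaded kernel drivers whose image is one of the two .sys files.
    #    Win32_SystemDriver lists drivers that Get-Service does not.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -match 'Mstart\.sys|Mseu\.sys' }
    foreach ($drv in $drivers) {
        $findings += "Driver loaded: $($drv.Name) state=$($drv.State) path=$($drv.PathName)"
    }

    return $findings
}

# Usage: print findings and set a non-zero exit code if anything matched,
# so the script can be scheduled or pushed to many hosts.
$hits = Test-ZimuseArtifacts
if ($hits.Count -eq 0) {
    Write-Output 'No Zimuse persistence artifacts found.'
    exit 0
}
$hits | ForEach-Object { Write-Output "INDICATOR: $_" }
exit 1
```

Because the worm waits weeks before destroying the disk, a scheduled run of a check like this gives the window in which a backup and clean-up are still possible; the article's own advice to keep a full antimalware suite updated remains the primary control.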

The really unfortunate thing about this worm is that in its early stages it is almost impossible for users to become aware that the system has fallen victim to this e-threat. Once a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), users will see an unusual system error message pop up on the screen, and the next restart brings the fatal moment for the computer: there is nothing else to do, it is too late, the damage is done.



The hard disk is damaged as the boot sector has been compromised.

Watch this video for a better picture of how Win32.Worm.Zimuse.A attacks and destroys the hard disk boot sector.


In order to stay safe, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection, and exercise extra caution when prompted to open files from unfamiliar locations.
