
MBR worm attack or all new - well forgotten old

Recently a previously unknown worm, Win32/Zimuse, which damages the Master Boot Record (MBR) of the hard disk, has been spreading widely on the Internet.
It is noteworthy that this threat was originally created as a joke to infect one small community of Slovak bikers; perhaps it was the machinations of a rival motorcycle club. Today, however, the worm is beyond its authors' control and is actively spreading around the world. Initially, 90% of all infected users were located in Slovakia, but now the USA, Thailand and Spain lead in the number of infections, with Italy, the Czech Republic and other European countries slightly behind.

Win32/Zimuse damages the master boot record (MBR) of every hard drive it detects, which renders all the data on the disk inaccessible to the user.
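An MBR sanity check of the kind a responder might run on the first sector of a suspect disk, added here as an illustration (it is not part of the original article or of any ESET tool): it parses the partition table, verifies the boot signature and flags a sector that has been wiped. The sample sectors are constructed in the code.

```python
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_partitions(mbr):
    """Return the four 16-byte partition entries (offsets 446..509) as dicts."""
    entries = []
    for i in range(4):
        # layout: boot flag, CHS start (3), type, CHS end (3), LBA start, sector count
        boot, ptype, lba, size = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        entries.append({"boot": boot, "type": ptype, "lba": lba, "size": size})
    return entries


def check_mbr(mbr):
    """Return a list of integrity problems for one 512-byte sector (empty list = looks sane)."""
    if len(mbr) != SECTOR:
        return ["sector is not 512 bytes"]
    problems = []
    if mbr[510:512] != MBR_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    used = []  # (entry number, lba, size) of non-empty entries seen so far
    for n, e in enumerate(parse_partitions(mbr), 1):
        if e["type"] == 0:
            continue  # empty slot
        if e["boot"] not in (0x00, 0x80):
            problems.append(f"entry {n}: invalid boot indicator {e['boot']:#04x}")
        if e["lba"] == 0 or e["size"] == 0:
            problems.append(f"entry {n}: zero start or size")
        for m, s, l in used:
            if e["lba"] < s + l and s < e["lba"] + e["size"]:
                problems.append(f"entry {n} overlaps entry {m}")
        used.append((n, e["lba"], e["size"]))
    if not used:
        problems.append("partition table empty")
    # a boot-code area made of a single repeated byte is typical of an overwritten sector
    if len(set(mbr[:446])) == 1:
        problems.append("boot code area is uniform (wiped?)")
    return problems


def make_sample_mbr(wiped=False):
    """Constructed sector: one bootable NTFS-type partition at LBA 2048, or an all-zero wipe."""
    if wiped:
        return bytes(SECTOR)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 441  # placeholder boot stub, constructed
    return boot_code + entry + bytes(48) + MBR_SIGNATURE
```

On a real machine the same check can be run over the first 512 bytes read from the raw disk device (this needs administrator or root rights and a read-only open), and a non-empty result is a reason to image the disk before attempting any repair.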


The worm spreads in two ways: as an application hosted on entirely legitimate web resources that masquerades as a self-extracting zip archive or an IQ test program, and also on removable USB media. It is the second method that drove the rapid growth of its spread.


After launching the IQ test program, users see a text message in Czech, which once again points to the worm's Eastern European origin.


To date, the worm is known in two versions, Win32/Zimuse.A and Win32/Zimuse.B. They differ in their distribution method and activation time: variant A waits 10 days from the moment of infection before distributing itself via USB devices, variant B only 7 days.
This kind of incident was previously seen with the OneHalf virus, which caused a great deal of noise in the mid-nineties. At that time many antivirus programs were powerless against it. OneHalf infected the MBR and encrypted user data, and many attempts to remove the virus resulted in damage to the boot sector and loss of data. During the investigation into OneHalf's authors, most of the facts indicated that its distribution began in Slovakia and that the author was most likely from there as well.

Users of ESET NOD32 Antivirus and ESET NOD32 Smart Security are protected from Win32/Zimuse, and for everyone else ESET has developed a special utility, the Zimuse Removal Tool, that removes the worm.

Source: https://habr.com/ru/post/81957/
