Worm that wipes out your data!

Check this out! the worm is disguised as an IQ Test, very unique..

 

That´s why apps should always first be executed in a virtual environment, I´ve read that besides Sandboxie, KAV/KIS and the new Avast 5 offer this feature. Of course running it in a true virtual machine like Vmware is probably a bit safer.

But I think it´s really disappointing that M$ (with billions on the bank) still hasn´t build a virtualization feature (for security) into Windows, we really need have container-based virtualization, something like iCore Virtual Accounts, for example. Actually, I think it´s a damn shame.

 

Yeah, But Microsoft already did great job.
You can easily prevent this worm by just using either LUA or 64-bit OS.
So Microsoft already defended users from this threat, it's just users who don't want follow recommendations.

1. As you can see 64-bit OS digitally-signed driver requirement blocks it.

2. And worm needs to write into HKEY_Local_machine registry and Program files folder. Both of them denied under LUA.

EDIT: By the way OP named Thread incorrectly.
worm doesn't wipe out your data.

 

Over the years they thought about it many times, os, server, application and ie sandboxing and of course there is App-V, VPC and ie8.

A recent interview called Inside Windows 7: The Mark Russinovich Interview by Paul Thurrott talks a little of this :

The rest of the article gives some insight into 7 and maybe worth a read.

 

This is part of the Win Vista/7 "Patch Guard" feature, I guess? I must admit, it is a good idea to secure the kernel, a lot of attacks will be stopped by this alone, but it also means that some security tools won´t be able to deliver the same protection as on XP.

Keep in mind, without admin rights you can not install certain tools. And if you did give it admin rights, it would probably still be able to overwrite the Master Boot Record and do other stuff.

It´s not the same, I´m talking about process virtualization, not heuristics. Btw, I´ve read that the sandbox in Avast 5 sucks bigtime.

Thanks for the info, nice to know that they are at least thinking about it, perhaps we can expect it in Windows 8? But seriously, they really need to add this feature ASAP, I mean they got the money and brainpower I assume, and this really can become a big selling point, they can promote container-based virtualization as THE new big security solution, now that would be cool.

 

Of course we must not overlook Bitdefender's age old advice conveyed by all these antimalware vendors for the perfect tonic:

 

This worm seems to still be making its rounds. I got a junk email today asking me to take an IQ test, I have a high feeling it was this worm. I see no reason for a IQ testing company to use a shortened URL unless they are hiding something.

 

Can you post the contents of the email message w/o the URL?

thanks,

rich

 

All I remember is that is said are you smarter than this person, click on this shortened URL to find out. What made me suspicious was is that I received it on my webs.com account, the user I got it from was a new user and had a name that was trying to look like a official webs.com staff member, but no where on the profile it said staff it just said new member that just joined.

 

I think that the "thing" on my machine is related to this.

Having had to rebuild the MFT on one of my drives already. And the fact that my wife's computer acted as if the ghost I put on it was infected (couldn't be? - burned to disk ~2 yrs ago...) resulting in me raw writing the drive randomly as part of the way I put it out.

Also, my MBR has changed since last time I saved it...

So, hope it doesn't reboot.

I'm doing the best I can to get the rest of these files moved somewhere else...

(ext3 sounds 'bout right)

 

I tried it on Win7 VM( executed as Admin). It did not work to destroy MBR as I can,t trigger its MBR destrying action, it,s something related to a specific date n time.

 

Try setting your PC Clock 10+ days into the future and then rebooting.

 

Hmmm.... Ok, will try that later.

Thanks