Computers Worldwide Targetted by a MBR Worm

Initially perhaps conceived as a prank targeting a small community of bikers in central Slovakian region, the worm Win32/Zimuse.A and Win32/Zimuse.B has achieved worldwide notoriety. It is a type of threat that overwrites MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user’s computer inaccessible. Moreover, the restoration of the corrupted data is complicated, requiring specialized software or a provider.

Since the worm’s inception, ESET has detected it on hundreds of computers of its users. Initially after the outbreak, only users in Slovakia were affected – accounting for over 90% of all infections. Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, followed with Italy, Czech Republic and other European countries.

Read more...

 

Thanks for this, Marcos
An interesting and informative read.

 

Very interesting. Is it possible to show a VT detection screenshot of this sample?

Thanks

 

Posting VT results is against TOS, but I can tell you that ESET was the only AV to detect the virus about 3 days ago. We included the sample in a daily update for other AV vendors and notified them about it as well as some added detection only for the dropper Yesterday it was detected by 6 AVs out of which only 3 (including ESET) are famous and used on workstations.

 

ok, i googled and did not see any thing from other vendors except eset. I thought may be the worn is localized to a certain area. Actually i am interested to know the name given to this worm by other vendors.
Thanks

 

The article Maros was pointing to aigle is here