Computers Worldwide Targeted by an MBR Worm

Discussion in 'ESET NOD32 Antivirus' started by Marcos, Jan 23, 2010.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Initially perhaps conceived as a prank targeting a small community of bikers in a central Slovakian region, the worm Win32/Zimuse.A and Win32/Zimuse.B has achieved worldwide notoriety. It is a type of threat that overwrites the MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user’s computer inaccessible. Moreover, the restoration of the corrupted data is complicated, requiring specialized software or a provider.

    Since the worm’s inception, ESET has detected it on hundreds of computers of its users. Initially after the outbreak, only users in Slovakia were affected – accounting for over 90% of all infections. Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, followed by Italy, Czech Republic and other European countries.

    Read more...
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thanks for this, Marcos
    An interesting and informative read.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Very interesting. Is it possible to show a VT detection screenshot of this sample?

    Thanks
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Posting VT results is against TOS, but I can tell you that ESET was the only AV to detect the virus about 3 days ago. We included the sample in a daily update for other AV vendors and notified them about it as well as some added detection only for the dropper :) Yesterday it was detected by 6 AVs out of which only 3 (including ESET) are famous and used on workstations.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    OK, I googled and did not see anything from other vendors except ESET. I thought maybe the worm is localized to a certain area. Actually, I am interested to know the name given to this worm by other vendors.
    Thanks
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The article Marcos was pointing to, aigle, is here
     