THREAT OF THE MONTH

Win32/Zimuse worm

What is it?
With the shift by criminals to making money from malware, we sometimes forget that the old-school virus writers never disappeared. Recently, researchers at ESET discovered a new worm that spreads through removable media, like thumb drives. This one is nasty, as it also overwrites the master boot record of the hard drive.

How does it work?
The destruction is done by overwriting the first 50 kilobytes of the hard drive with zeros. An “A” variant has a 40-day time delay before it destroys data. A “B” variant shortens the time bomb to 20 days. The worm shows up on some websites as an IQ test. This worm appears to have been written to target an off-road club in Slovakia, but has since spread. The majority of infections are being seen in the U.S.
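For responders, the overwrite described above leaves a recognisable pattern at the start of a raw disk image. The following triage check is an added example, not code from ESET or this article; it assumes 512-byte sectors, a classic MBR layout, and that "50 kilobytes" means 50 KiB, and its sample images are constructed.

```python
import io

SECTOR = 512
WIPE_BYTES = 50 * 1024  # "first 50 kilobytes" in the article, assumed to be 50 KiB

def triage_disk_start(stream):
    """Inspect the first 50 KiB of a raw disk image opened in binary mode."""
    head = stream.read(WIPE_BYTES)
    if len(head) < SECTOR:
        raise ValueError("image is shorter than one sector")
    mbr = head[:SECTOR]
    # Count consecutive all-zero sectors starting at offset 0.
    zeroed = 0
    for off in range(0, len(head) - SECTOR + 1, SECTOR):
        if any(head[off:off + SECTOR]):
            break
        zeroed += 1
    # Classic MBR: four 16-byte partition entries at offset 446,
    # boot signature 0x55 0xAA at offset 510.
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        if entry[4] != 0:  # type byte 0 means the slot is unused
            partitions.append({"slot": i, "type": entry[4],
                               "first_lba": int.from_bytes(entry[8:12], "little"),
                               "sectors": int.from_bytes(entry[12:16], "little")})
    signature_ok = mbr[510:512] == b"\x55\xaa"
    if zeroed * SECTOR >= WIPE_BYTES:
        verdict = "wiped"    # whole 50 KiB is zero: the pattern described above
    elif signature_ok and partitions:
        verdict = "intact"
    else:
        verdict = "damaged"  # not the zero pattern, but no usable MBR either
    return {"verdict": verdict, "zeroed_bytes": zeroed * SECTOR,
            "signature_ok": signature_ok, "partitions": partitions}

def sample_mbr():
    """Constructed MBR: one type-0x07 partition starting at LBA 2048."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = (b"\x80\x00\x00\x00\x07\x00\x00\x00"
                    + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

# Constructed images: a healthy disk start, and a disk start after the overwrite.
HEALTHY = sample_mbr() + bytes(WIPE_BYTES)
WIPED = bytes(WIPE_BYTES) + b"\xeb\x52\x90NTFS" + bytes(505)

if __name__ == "__main__":
    for name, image in (("healthy", HEALTHY), ("wiped", WIPED)):
        print(name, triage_disk_start(io.BytesIO(image)))
```

A "wiped" verdict on an image whose later sectors still hold data suggests the file systems past the first 50 KiB may be recoverable once the partition table is rebuilt.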

How can I prevent it?

As always, deliberate caution in what you click on is in order. Detection for the attack is pretty good, with the majority of AV products able to identify the worm and vendors providing free removal tools.
