Randy Abrams, director of technical education, ESET
March 01, 2010
Threat of the month

THREAT OF THE MONTH

Win32/Zimuse worm

What is it?
With the shift by criminals to making money from malware, we sometimes forget that the old school virus writers never disappeared. Recently researchers at ESET discovered a new worm that spreads through removable media, like thumb drives. This one is nasty as it also overwrites the master boot record of the hard drive.

How does it work?
The destruction is done by overwriting the first 50 kilobytes of the hard drive with zeros. An ”A” variant has a 40-day time delay before it destroys data. A “B” variant shortens the time bomb to 20 days. The worm shows up on some websites as an IQ test. This worm appears to have been written to target an off-road club in Slovakia, but has since spread. The majority of infections are being seen in the U.S.

How can I prevent it?
As always, deliberate caution in what you click on is in order. Detection for the attack is pretty good, with the majority of AV products able to identify the worm and vendors providing free removal tools.
From the March 2010 Issue of SCMagazine »
Similar Articles

Sign up to our newsletters

More in Opinions

Spotting the "black swans" of security

Spotting the "black swans" of security

How can it be that firms can feel confident in their security technology investments and their people, yet ultimately still believe that they remain at great risk?

Me and my job: Blake Frantz, Center for Internet Security

Me and my job: Blake Frantz, Center for ...

A brief Q&A with Blake Frantz, director of benchmark development, security benchmarks division, Center for Internet Security (CIS).

BlackBerry back in the game

BlackBerry back in the game

Thanks to BYOD, gone are the days of one single mobile device manufacturer or model to support, says Dimension Data Americas' Darryl Wilson.