Win32/Zimuse worm

What is it?
With the shift by criminals to making money from malware, we sometimes forget that the old school virus writers never disappeared. Recently researchers at ESET discovered a new worm that spreads through removable media, like thumb drives. This one is nasty as it also overwrites the master boot record of the hard drive.

How does it work?
The destruction is done by overwriting the first 50 kilobytes of the hard drive with zeros. An "A" variant has a 40-day time delay before it destroys data. A "B" variant shortens the time bomb to 20 days. The worm shows up on some websites as an IQ test. This worm appears to have been written to target an off-road club in Slovakia, but has since spread. The majority of infections are being seen in the U.S.
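For responders triaging a machine that no longer boots, the overwrite described above leaves a recognizable pattern in a raw disk image. The following is an added example, not code from ESET or the original article; it assumes "50 kilobytes" means 50 × 1024 bytes and 512-byte sectors, and the function name and verdict labels are hypothetical.

```python
import io

SECTOR = 512                 # assumed sector size
WIPE_BYTES = 50 * 1024       # assumed size of the zeroed region (50 KB)
MBR_SIG_OFFSET = 510         # standard location of the MBR boot signature
MBR_SIG = b"\x55\xaa"

def triage_disk_start(stream):
    """Classify the start of a raw disk image opened read-only as `stream`."""
    head = stream.read(WIPE_BYTES)
    tail = stream.read(WIPE_BYTES)   # data just past the region, for contrast
    sectors = [head[i:i + SECTOR] for i in range(0, len(head), SECTOR)]
    zeroed = sum(1 for s in sectors if not any(s))
    has_sig = head[MBR_SIG_OFFSET:MBR_SIG_OFFSET + 2] == MBR_SIG
    if len(head) < WIPE_BYTES:
        verdict = "short-read"       # image too small to judge
    elif zeroed == len(sectors):
        # An all-zero prefix followed by real data fits the overwrite;
        # an all-zero prefix followed by more zeros is likely an unused disk.
        verdict = "wiped-prefix" if any(tail) else "blank"
    elif not has_sig:
        verdict = "mbr-damaged"      # signature gone, region not fully zero
    else:
        verdict = "intact"
    return {"verdict": verdict, "zeroed_sectors": zeroed,
            "total_sectors": len(sectors), "mbr_signature": has_sig}

def make_sample_image(wiped):
    """Constructed sample: an MBR sector plus non-zero filler, optionally wiped."""
    mbr = bytearray(SECTOR)
    mbr[MBR_SIG_OFFSET:MBR_SIG_OFFSET + 2] = MBR_SIG
    filler = bytes((i % 251) + 1 for i in range(2 * WIPE_BYTES - SECTOR))
    image = bytes(mbr) + filler
    if wiped:
        image = bytes(WIPE_BYTES) + image[WIPE_BYTES:]
    return image

if __name__ == "__main__":
    for label, wiped in (("healthy", False), ("overwritten", True)):
        result = triage_disk_start(io.BytesIO(make_sample_image(wiped)))
        print(label, result)
```

Run it against a forensic image or a read-only handle, never the live disk opened for writing, so the evidence is not altered before recovery is attempted.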

How can I prevent it?

As always, deliberate caution in what you click on is in order. Detection for the attack is pretty good, with the majority of AV products able to identify the worm and vendors providing free removal tools.