Prank malware spreads across internet

22 January 2010

Anti-virus company ESET has discovered what it thinks is a prank gone wrong. The company suspects that Win32/Zimuse, which has swept the US, was originally intended as a localized malware attack against a group of Slovakian bikers.

ESET has reason to believe that the trojan was originally intended to infect the computers of fans of a motorcycle club in the central Slovakian Liptov region. But the joke got out of hand when the malware infiltrated company networks and moved beyond its original intended audience.

"At the beginning of the outbreak, only users in Slovakia were affected, accounting for over 90% of all infections," ESET said. "At present, the greatest number of infected computers are in the United States, followed by Slovakia, Thailand and Spain, followed with Italy, Czech Republic and other European countries."

The malware seems to be a prank because of its unusual payload. Most malware today focuses on stealthily stealing data. If it makes its presence known, then it is generally ransomware, encrypting users' data on a machine and asking them for money before decrypting it for them. But this malware concentrates on trashing user data. It uses a technique common in the early days of viruses, overwriting the first 50Kb of data on the master boot record (MBR) of the target machine with its own data, which stops the machine from booting up.

Win32/Zimuse can be spread through a self-unpacking ZIP file delivered via a hacked website, or via USB drives. It has two variants: A and B. B waits for less time before spreading itself (seven days compared to ten), and also waits only 20 days before overwriting the data on the target machine's drive (half the time of the A variant). It will also automatically execute the destructive payload if it senses a removal attempt, making it a tricky target for anti-malware companies.
