January 2010
Virus Writers Produce Hardware Damaging Code with Win32.Worm.Zimuse
Disguised IQ test combines virus, rootkit and worm -- malicious code for one fatal formula
BitDefender®, an award-winning provider of innovative anti-malware security solutions, today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. There are two known variants of this virus, which enters the computer as a harmless IQ test.
Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.
Win32.Worm.Zimuse.A is an extremely dangerous piece of malware. Unlike average worms, Win32.Worm.Zimuse.A could lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record - a key zone of the hard disk drive.
In order to execute on each Windows boot-up, the worm sets the following registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dump"="%programfiles%\Dump\Dump.exe"
It also creates two driver files, namely:
%system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys
Since 64-bit versions of Windows Vista and Windows 7 require digitally signed drivers, the worm would fail to install these files on those systems.
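The persistence artifacts listed above (the "Dump" Run value and the two driver files) can be checked on a host with a short PowerShell script. This is an added example, not BitDefender's code; it assumes "%system%" means the System32 directory, and the Wow6432Node Run key and the Program Files (x86) path are added assumptions for 64-bit hosts.

```powershell
# Added example: look for the Zimuse persistence artifacts named in the advisory.
# Assumption: "%system%" in the advisory is the Windows System32 directory.
$findings = @()

# Run keys to inspect. The Wow6432Node key is an added assumption: it is where a
# 32-bit process writing under HKLM\SOFTWARE is redirected on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    # SilentlyContinue covers both a missing key and a missing "Dump" value.
    $item = Get-ItemProperty -Path $key -Name 'Dump' -ErrorAction SilentlyContinue
    if ($item -and $item.Dump -match '\\Dump\\Dump\.exe') {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = $key; Detail = $item.Dump
        }
    }
}

# File artifacts: the dropped executable and the two driver files.
$system32 = Join-Path $env:SystemRoot 'System32'
$paths = @(
    (Join-Path $env:ProgramFiles 'Dump\Dump.exe'),
    (Join-Path $system32 'drivers\Mstart.sys'),
    (Join-Path $system32 'drivers\Mseu.sys')
)
if (${env:ProgramFiles(x86)}) {
    $paths += (Join-Path ${env:ProgramFiles(x86)} 'Dump\Dump.exe')
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        # -Force so hidden or system files are still returned.
        $file = Get-Item -LiteralPath $p -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $p; Detail = $file.LastWriteTime
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No Zimuse persistence artifacts found at the checked locations.'
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows, because a 32-bit session has System32 redirected to SysWOW64 and would miss the driver paths.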
Unfortunately, in its early stages, this worm makes it nearly impossible for users to know their system has fallen victim to the e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), the computer user receives an error message stating that a problem has occurred due to malicious content in IP packets from a peculiar-looking web address. It then asks the user to recover the system by pressing "OK." After this message, the next restart causes the computer's hard disk to become damaged due to the compromised boot sector.
In order to stay safe, BitDefender recommends downloading, installing and updating a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection. Users should also employ extra caution when prompted to open files from unfamiliar locations.
