Vicious, Data Destroying Virus DiscoveredWritten by Sue Walsh on February 2, 2010
Security researchers have discovered a vicious new virus. Dubbed Win32.Worm.Zimuse.A, it appears to have originated in Slovakia but has been quickly making its way around the world with the highest rate of infection now in the United States, followed by Slovakia, Thailand, and Italy. The virus and its variant, Win32.Worm.Zimuse.B, both work in the same destructive way. Once the system is infected, Zimuse creates between 7-11 copies of itself, installs a rootkit, alters system registry entries, and creates several driver files. After a pre-determined number of days (40 for A, 20 for B) it springs to life with a poorly written fake Windows Defender warning:
“System Defender – Kernel Error 0xC00000005
This problem is unambigously cause by malicious contents in IP packers in transport layer from website: www.offroad-lm.szm.sk. To bee patient, Windows Defender scan your hard drive(s) for bugs caused by system incompatible code. To recovery of system press OK button. Wait to successfull end of scanning. Inform about this administrator on www.szm.sk and incriminated web site.”
Once that appears, the system is doomed. The next time the user restarts the computer they will be greeted with the heart stopping error “FATAL: No bootable medium found.” This is because the virus overwrites the Master Boot Record, which permanently damages the drive. What makes this virus even more dangerous is that until the message pops up it’s nearly impossible to know the system is infected.
Win32.Worm.Zimuse A and B distribute themselves in very different ways. The first variant embeds itself on legit sites, possibly by poisoning an ad network, and pretends to be an IQ test. The second spreads via exchangeable media like USB flash drives. Experts think it was a malicious prank intended only for fans of a Slovakian motorcycle gang but it has gone far beyond that, destroying data wherever it lands. This could be especially devastating if it hit a critical government or business network.
It is extremely important to make sure your data is backed up safely and to be more cautious than ever about sharing storage media and clicking on links. All IQ tests should be avoided, and web surfing should be confined to familiar sites. If you aren’t sure if your system’s anti-virus programs are up to date, contact your IT department.