PC Worm Spreads Beyond Intended Audience

The Internet security company 'ESET' has discovered "Win32/Zimuse," a computer worm, which is actually designed to target fans of a bike racers' club in Liptov, the central region of Slovakia. But the prank has become unmanageable as the worm penetrated to the organization networks and moved to the unintended targets.

ESET states that when the outbreak first started, it affected only the Slovakian users, causing more than 90% of the total infections. But now, the United States has the largest number of Zimuse-contaminated PCs. The other countries to follow are Slovakia, Thailand, Spain, Italy, the Republic of Czechoslovakia, and other countries in Europe, the security company added.

Further, it appears that the malware is a prank because its malicious content is unusual. Majority of modern malware aims to steal information treacherously. The presence of malware commonly represents by 'ransomware' software that locks (encrypt) users' data and then demands money from them to unlock (decrypt) it. But Zimuse (the malware) focuses on deleting data from the victim's system. It applies certain technique, which was common with former viruses - rewriting the database's top 50KB content stored on the host computer's Master Boot Record, with the virus' own files. These files prevent the computer from booting up.

Security researchers stated that the worm was found in two versions. These are Win32/Zimuse.A and Win32/Zimuse.B. The worm spreads via two methods. One, it embeds itself on genuine websites like an automatically extracted ZIP file. Second, it uses USB devices and similar exchangeable media. On account of the second method, the dissemination of Zimuse is rapid and it is expected to be still faster, according to the reseachers.

Zimuse's technique of dissemination is also different for each version as well as their activation time. While the 'A' version takes ten days to begin propagating through USB devices, version 'B' propagates after seven days of injection.

Hoping that the worm won't disseminate further, ESET researchers said that although most modern malware focused on stealing instead of deleting data, it was essential to ensure that a user's backup systems were functioning properly, as reported by ESET on its blog on January 22, 2010.

Related article: PC-Virus of 2005 Threatening Japanese Bank Accountholders, Warns Symantec

» SPAMfighter News - 2/1/2010