Worm.Zimuse.A & B

New blended worm in the wild !

ESET: Win32/Zimuse.A is a type of threat that overwrites MBR (Master Boot Record) of all available drives with its own data, making the data stored on the user’s computer inaccessible. Moreover, the restoration of the corrupted data is complicated, requiring specialized software or a provider. [...] Presently, the greatest number of infected computers is in the United States, followed by Slovakia, Thailand and Spain, followed with Italy, Czech Republic and other European countries. [...] The worm uses two ways to spread – either via embedding in legitimate websites, in the form of a self-unpacking ZIP file or as an IQ test program, or via Exchangeable media, such as USB devices.

BitDefender: ... this malicious piece is extremely dangerous; unlike average worms, it would lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record, a key zone of the hard disk drive.

Details:
ESET: Computers Worldwide Targetted by a MBR Worm, removal tool is available: Zimuse Removal Tool.

BitDefender: Malware Alert - Win32.Worm.Zimuse.A - The Hard-Disk Wrecker, Blended formula of virus, rootkit and worm. Result: fatal.

Update your anti-virus. Always back up your important files: docs, pics, movies, bookmarks, emails, email settings, ms-office settings, passwords, etc..

Hi there! I saw this worm alert on the bitdefender blog and said to myself I'll back up my files and I'll never download IQ tests:))) don't panic people , update your antivirus software and don't download garbage; I trust my Bitdefender..and I have a 32 bits system:D

Hi
I remember not that long ago that on the “ Am I infected “ section that MBAM and SAS took care of most everything. Now folks need to use rkill before MBAM and it seems that is now being defeated. I try to be careful and have my anti virus on auto update along with having site advisor installed. I have also told my kids don’t click anything that doesn’t have the site advisor check mark. I have the feeling though that no matter how careful we are it is just a matter of time before some super bug hits.
Also can some one give the definition of “ In the wild” as it is used here?
Best Regards
Nawtheasta

Also can some one give the definition of “ In the wild” as it is used here?

Hi Nawtheasta,

There is an organization called "WildList Organization". It collects monthly reports from anti-virus experts around the world. They produce a list of those virusues currently spreading. A virus that is reported by two or more of the WildList reporters will appear in the top-half of the list and is deemed to be 'In the Wild".

Worm.Zimuse.A & B were reported by BD, ESET, and by Avira, three serious anti-virus companies. You can assume it is on the list.

Thanks Daisuke
I have often wondered what determined this classification
Best Regards
Nawtheasta