SOURCE: BitDefender


January 25, 2010 13:14 ET

Virus Writers Produce Hardware Damaging Code With Win32.Worm.Zimuse

Disguised IQ Test Combines Virus, Rootkit and Worm -- Malicious Code for One Fatal Formula

BUCHAREST, ROMANIA--(Marketwire - January 25, 2010) - BitDefender®, an award-winning provider of innovative anti-malware security solutions, today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. There are two known variants of this virus, which enters the computer as a harmless IQ test.

Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

Win32.Worm.Zimuse.A is an extremely dangerous piece of malware. Unlike average worms, Win32.Worm.Zimuse.A could lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record -- a key zone of the hard disk drive.
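A responder can test for this kind of damage from a raw copy of the start of the disk. The sketch below is an added example, not BitDefender's code: it validates sector 0 structurally and compares the first 50 KB with a hash recorded while the disk was healthy. The function names and sample data are constructed for illustration, and a classic MBR-partitioned disk with 512-byte sectors is assumed.

```python
import hashlib
import struct

SECTOR = 512
REGION = 50 * 1024  # span the advisory says is overwritten


def region_digest(region):
    """SHA-256 of the first 50 KB; record this while the disk is healthy."""
    return hashlib.sha256(region[:REGION]).hexdigest()


def parse_partitions(sector0):
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for slot in range(4):
        raw = sector0[446 + 16 * slot:462 + 16 * slot]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:
            entries.append((slot, status, lba_start, count))
    return entries


def check_boot_region(region, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(region) < REGION:
        return ["short read: need the first 50 KB of the disk"]
    findings = []
    if region[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(region[:SECTOR])
    if not parts:
        findings.append("partition table is empty")
    for slot, status, lba_start, count in parts:
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot}: invalid status byte {status:#04x}")
        if lba_start == 0 or count == 0:
            findings.append(f"slot {slot}: zero start or length")
    if baseline_sha256 and region_digest(region) != baseline_sha256:
        findings.append("first 50 KB differ from the recorded baseline")
    return findings


def make_sample_region():
    """Constructed sample: a healthy-looking first 50 KB with one NTFS slot."""
    sector0 = bytearray(SECTOR)
    sector0[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector0[510:512] = b"\x55\xaa"
    return bytes(sector0) + bytes(REGION - SECTOR)
```

In practice the input would be the first 51,200 bytes of a forensic image, or of `\\.\PhysicalDrive0` read with administrator rights on a live Windows host.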

In order to execute on each Windows boot-up, the worm sets the following registry entry:


It also creates two driver files, namely:

%system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys

Since 64-bit versions of Windows Vista and Windows 7 require digitally signed drivers, the worm would fail to install these files on those systems.

Unfortunately, in its early stages, this worm makes it nearly impossible for users to know their system has fallen victim to the e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), the computer user receives an error message stating that a problem has occurred due to malicious content in IP packets from a peculiar-looking web address. It then asks the user to recover the system by pressing "OK." After this message, the next restart causes the computer's hard disk to become damaged due to the compromised boot sector. To view a video detailing what occurs during an attack by Win32.Worm.Zimuse.A, please visit:

In order to stay safe, BitDefender recommends downloading, installing and updating a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection. Users should also employ extra caution when prompted to open files from unfamiliar locations.

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry's anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products is available at the company's security solutions press room. Additionally, BitDefender's provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.
