MBR infector

The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )

Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed

Bemused by Zimuse? (Dis is not one half)

Now here's a curiosity. Win32/Zimuse is a worm that exists in two variants, innovatively entitled Win32/Zimuse.A and Win32/Zimuse.B. In some ways it's a throwback to an earlier age, since it overwrites the Master Boot Record on drives attached to an infected system with its own data, so that data on the system becomes inaccessible without the

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.