Thread: MBR worm

  1. #1

    MBR worm

    A few days ago the ESET security guys apparently found a kinda interesting worm that overwrites the MBR as its payload; the full story is here:

    http://www.eset.eu/encyclopaedia/win32-zimuse-a-trojan-startpage-g-generic-1729691-threat-sysvenfakp-based-maximus
    http://www.f-secure.com/v-descs/worm_w32_zimuse_a.shtml

    I spent the last 3 hours searching for a sample, but with no success. I know that tool requests are forbidden here, but since this is NOT a tool, I thought I could post a request for a sample (that zipsetup.exe file); it must be very interesting for analysis.

    Regards

  2. #2
    I'm interested in the sample too.

  3. #3
    On the source site of the worm (http://www.offroad-lm.szm.com) this message has been posted:
    Máte záujem o zdrojový kod vírusu kontaktujte tvorcu MPSOFTLM.SK

    Dakujeme tvorcovi vírusu za popularizáciu našej web stránky

    Google translation:
    Are you interested in the source code of the virus contact the creator MPSOFTLM.SK

    Thank the maker of virus dissemination of our site

    I couldn't find any address for this guy MPSOFTLM.SK; has anyone else tried this?
