Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

There’s now COVID-19 malware that will wipe your PC and rewrite your MBR

April 2, 2020
in Internet Security
There’s now COVID-19 malware that will wipe your PC and rewrite your MBR
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR).

With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes.

You might also like

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

Scientists have built this ultrafast laser-powered random number generator

SolarWinds security fiasco may have started with simple password blunders

The common theme among all four samples is that they use a coronavirus-theme and they’re geared towards destruction, rather than financial gain.

MBR-rewriting malware

Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors.

Some advanced technical knowledge was needed to create these strains as tinkering with a master boot record is no easy feat and could easily result in systems that didn’t boot at all.

The first of the MBR-rewriters was discovered by a security researcher that goes by the name of MalwareHunterTeam, and detailed in a report from SonicWall this week. Using the name of COVID-19.exe, this malware infects a computer and has two infection stages.

In the first phase, it just shows an annoying window that users can’t close because the malware has also disabled the Windows Task Manager.


Image: SonicWall

While users attempt to deal with this window, the malware is silently rewriting the computer’s master boot record behind their back. It then restarts the PC, and the new MBR kicks in, blocking users into a pre-boot screen.

Users can eventually regain access to their computers, but they’ll need special apps that can be used to recover and rebuild the MBR to a working state.

mbr-msg.png

Image: SonicWall

But there was a second coronavirus-themed malware strain that re-wrote the MBR. This one is a far more convoluted malware operation.

It posed as the “CoronaVirus ransomware” but it was only a facade. The malware’s primary function was to steal passwords from an infected host and then mimic ransomware to trick the user and mask its real purpose.

However, it wasn’t ransomware either. It only posed as one. Once the data-stealing operations ended, the malware entered into a phase where it rewrote the MBR, and blocked users into a pre-boot message, preventing access to their PCs. With users seeing ransom notes and then not being able to access their PCs, the last thing users would thing to do is to check if someone exfiltrated passwords from their apps.

coronavirus-rw.png

Image: Bleeping Computer

According to analysis from SentinelOne security researcher Vitali Kremez and Bleeping Computer, the malware also contained code to wipe files on the user’s systems, but this didn’t appear to be active in the version they analyzed.

Furthermore, this one was also spotted twice, with a second version discovered by G DATA malware researcher Karsten Hahn, two weeks later. This time, the malware kept the MBR-rewriting capabilities but replaced the data wiping feature with a functional screen-locker.

Data wipers

But security researchers have spotted more than coronavirus-themed MBR-rewriters. They also spotted two data wipers.

Both were discovered by MalwareHunterTeam.

The first was spotted back in February. It used a Chinese file name, and most likely targeted Chinese users, although we don’t have information if it was distributed in the wild or was just a test.

The second was spotted yesterday, and this one was found uploaded on the VirusTotal portal by someone located in Italy.

MalwareHunterTeam described both strains as “poor wipers” because of the inefficient, error-prone, and time-consuming methods they used to erase files on infected systems. However, they worked, which made them dangerous if ever spread in the wild.

“alcuni accorgimenti da prendere per il Covid-19.zip” -> “Covid-19.exe” (60e9dfe954acf0b02a5b35f367cf36ae2bc9b12e02aa3085495c5d8c4c94611c) -> dropped “Covid-19.bat”, which is a poor wiper…
Seen from Italy.
Not sure it worse if it was created as joke or seriously.@JAMESWT_MHT pic.twitter.com/YkbFTq8LP7

— MalwareHunterTeam (@malwrhunterteam) April 1, 2020

It might seem weird that some malware authors create destructive malware like this, but it’s not the first time that this happened. For every financially-motivated malware strain that security researchers discover, there’s also one that was created as a joke, just for the giggles. Something similar happened during the WannaCry ransomware outbreak in 2017, when days after the original WannaCry ransomware encrypted computers all over the world, there were countless of clones doing the same thing for no apparent reason.


Credit: Zdnet

Previous Post

'Human-layer' cybersecurity and AI thwart data breaches (VB Live)

Next Post

Machine Learning Could Make Government More Incomprehensible

Related Posts

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
SolarWinds security fiasco may have started with simple password blunders
Internet Security

SolarWinds security fiasco may have started with simple password blunders

March 2, 2021
Singapore eyes more cameras, technology to boost law enforcement
Internet Security

Singapore eyes more cameras, technology to boost law enforcement

March 2, 2021
Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Next Post
Machine Learning Could Make Government More Incomprehensible

Machine Learning Could Make Government More Incomprehensible

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
DSC Weekly Digest 01 March 2021
Data Science

DSC Weekly Digest 01 March 2021

March 2, 2021
The case for Bayesian Learning in mining
Machine Learning

The case for Bayesian Learning in mining

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game
Data Science

Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game

March 2, 2021
Aries becomes next Hyperledger project graduating to active status
Blockchain

Aries becomes next Hyperledger project graduating to active status

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC March 2, 2021
  • DSC Weekly Digest 01 March 2021 March 2, 2021
  • The case for Bayesian Learning in mining March 2, 2021
  • Scientists have built this ultrafast laser-powered random number generator March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates