View Full Version : MBR worm


cEnginEEr
January 30th, 2010, 08:28
A few days ago the ESET security guys apparently found a kinda interesting worm that overwrites the MBR as its payload; the full story is here:

http://www.eset.eu/encyclopaedia/win32-zimuse-a-trojan-startpage-g-generic-1729691-threat-sysvenfakp-based-maximus
http://www.f-secure.com/v-descs/worm_w32_zimuse_a.shtml

I spent the last 3 hours searching for a sample, but with no success. I know that tool requests are forbidden here, but since this is NOT a tool, I thought I could post a request for a sample (that zipsetup.exe file); it must be very interesting for analysis.

regards

Cthulhu
February 2nd, 2010, 12:51
I'm interested in the sample too.

cEnginEEr
February 6th, 2010, 07:16

On the source site of the worm (http://www.offroad-lm.szm.com/) this message has been posted:


Máte záujem o zdrojový kod vírusu? kontaktujte tvorcu: MPSOFTLM.SK



Dakujeme tvorcovi vírusu za popularizáciu našej web stránky!

Google translation:


Are you interested in the source code of the virus? contact the creator: MPSOFTLM.SK



Thank the maker of virus dissemination of our site! 

I couldn't find any address for this guy MPSOFTLM.SK; has anyone else tried this?