cEnginEEr
January 30th, 2010, 08:28
A few days ago the ESET security guys apparently found a kinda interesting worm that overwrites the MBR as its payload; the full story is here:
http://www.eset.eu/encyclopaedia/win32-zimuse-a-trojan-startpage-g-generic-1729691-threat-sysvenfakp-based-maximus
http://www.f-secure.com/v-descs/worm_w32_zimuse_a.shtml
I spent the last 3 hours searching for a sample, but with no success. I know that tool requests are forbidden here, but since this is NOT a tool, I thought I could post a request for a sample (that zipsetup.exe file); it must be very interesting for analysis.
regards