There's now COVID-19 malware that will wipe your PC and rewrite your MBR

Solarquest

Security researchers have discovered coronavirus-themed malware created to destroy users' computers.

With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer's master boot record (MBR).

With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes.

The common theme among all four samples is that they use a coronavirus-theme and they're geared towards destruction, rather than financial gain.

MBR-rewriting malware
Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors.

...
...
 

Parsh

Users can eventually regain access to their computers, but they'll need special apps that can be used to recover and rebuild the MBR to a working state.
The 2nd strain is a scarily growing trend in the wild. Having a ransomware-like activity as a front and silently stealing sensitive information in the background... the user is made to eventually believe that the sole purpose of the attack was trashing their systems.

As a home user or in companies, standard user accounts should be the preferred ones, and unknown/uninitiated prompts should be discarded to reduce the likelihood of such attacks. A major problem in industries should be dealt with well, besides mock runs - cracking down on spear phishing that employees fall for.
Also, the management at corporates and hospitals should realize the need for running the latest OS, keeping them updated ... and then the technical teams being able to take advantage of using UEFI+GPT (with SecureBoot enabled) to make such prevalent MBR re-writing malware insignificant. Perhaps GPT-targeting malware won't be very far off either.
The governments and their IT ministries should be conscious and insist on training efforts / up-to-date education for teams at vital services across the country. I've seen some of them issuing cybersecurity standards and best practices on their sites.
 
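An added example, not part of the posts above or of the quoted article: a defender-side check of a disk's first sector, following the MBR-rebuild and UEFI+GPT points in this thread. It classifies sector 0 as a legacy MBR or a GPT protective MBR and compares boot-code and partition-table hashes against a known-good baseline; the sample sectors are constructed and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
PART_TABLE = slice(446, 510)   # four 16-byte partition entries

def classify(sector: bytes) -> str:
    """Return 'gpt-protective', 'legacy-mbr' or 'invalid' for a first sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        return "invalid"       # boot signature missing or wrong size
    types = [sector[446 + 16 * i + 4] for i in range(4)]  # partition type bytes
    if 0xEE in types:
        return "gpt-protective"  # GPT disk: sector 0 only guards against legacy tools
    return "legacy-mbr" if any(types) else "invalid"

def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so a diff says what changed."""
    return {
        "layout": classify(sector),
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "part_table": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
    }

def changed_fields(baseline: dict, current: dict) -> list:
    """Names of fingerprint fields that differ from the known-good baseline."""
    return sorted(k for k in baseline if baseline[k] != current.get(k))

def build_sector(boot: bytes, ptype: int, lba_start: int, count: int) -> bytes:
    """Build a constructed 512-byte sector with at most one partition entry."""
    entry = struct.pack("<B3sB3sII", 0, b"\x00\x02\x00", ptype, b"\xff\xff\xff", lba_start, count)
    table = (entry if ptype else bytes(16)) + bytes(48)
    return boot.ljust(440, b"\x00") + bytes(6) + table + b"\x55\xaa"

# Constructed samples, not taken from any real disk or malware sample.
GOOD_MBR = build_sector(b"\xfa\x33\xc0\x8e\xd0", 0x07, 2048, 1_000_000)
OVERWRITTEN = build_sector(b"constructed replacement boot code", 0x00, 0, 0)
GPT_DISK = build_sector(b"", 0xEE, 1, 0xFFFFFFFF)

if __name__ == "__main__":
    base = fingerprint(GOOD_MBR)
    for name, s in [("good", GOOD_MBR), ("overwritten", OVERWRITTEN), ("gpt", GPT_DISK)]:
        cur = fingerprint(s)
        print(name, cur["layout"], changed_fields(base, cur))
```

To use it on a real system, pass the first 512 bytes of a disk image to `fingerprint` once while the machine is known to be clean, store the result, and compare later readings against it.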

Gandalf_The_Grey

The original blog posting from the SonicWall Capture Labs Threat Research team:
SonicWall Capture Labs provides protection against this threat via the following signature:
  • GAV: KillMBR.Corn_A (Trojan)
Indicators Of Compromise (IOC):
  • DFBCCE38214FDDE0B8C80771CFDEC499FC086735C8E7E25293E7292FC7993B4C
VirusTotal:
 
