New Malware Threat Deletes Files and Interferes With Boot Process
Practical Perspectives for the Midsize Business. Brought to you by IBM.

 

Researchers have detected a new malware threat that could have a devastating effect on midsize businesses: DistTrack, also known as Shamoon, removes the data stored on an infected machine and modifies the hard disk drive's master boot record (MBR), a boot sector that contains the bootstrap code and information about the HDD's partition table.

 

According to Symantec, DistTrack contains three major components: the Dropper, the Wiper, and the Reporter. The Dropper copies itself to the target workstation, placing the copy in the %SystemRoot%\system32 folder under the name "tsksvr.exe." The malware then creates a process to execute itself and creates a service, borrowing the name "Distributed Link Tracking Server," that executes the process when Windows loads.
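
A defender can check a service inventory for the persistence pattern described above; the following is an added example, not code from the article or from Symantec. The inventory records and the function names are constructed for illustration, and the two indicator strings are used exactly as printed on this page, so confirm them against the vendor report before relying on them.

```python
import ntpath
import re

# Indicator values exactly as printed on this page (assumption: verify before use).
DROPPER_EXE = "tsksvr.exe"
BORROWED_NAME = "distributed link tracking server"

# Constructed sample inventory: (service key, display name, ImagePath).
SAMPLE_SERVICES = [
    ("SvcA", "Distributed Link Tracking Server", r'"C:\Windows\System32\TSKSVR.EXE" -s'),
    ("SvcB", "Distributed Link Tracking Server", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    ("SvcC", "Print Helper", r"C:\WINDOWS\system32\tsksvr.exe"),
    ("SvcD", "Backup Agent", r"C:\Program Files\Backup Agent\agent.exe --run"),
    ("SvcE", "Updater", r"D:\tools\tsksvr.exe"),
]

def executable_of(image_path):
    """Return the executable part of a service ImagePath, without arguments."""
    path = image_path.strip()
    if path.startswith('"'):                      # quoted path, arguments follow the quote
        end = path.find('"', 1)
        return path[1:end] if end != -1 else path[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token boundary.
    m = re.match(r"(.*?\.exe)(?=\s|$)", path, re.IGNORECASE)
    return m.group(1) if m else (path.split()[0] if path else "")

def classify(display_name, image_path):
    """Return the list of matching reasons, or None if the service is not of interest."""
    exe = executable_of(image_path)
    if ntpath.basename(exe).lower() != DROPPER_EXE:
        return None                               # display name alone is not an indicator
    reasons = ["runs " + DROPPER_EXE]
    if ntpath.dirname(exe).lower().endswith("\\system32"):
        reasons.append("binary in system32")
    if display_name.strip().lower() == BORROWED_NAME:
        reasons.append("borrowed display name")
    return reasons

def scan(services):
    """Map service key -> reasons for every service that matches."""
    return {key: r for key, name, path in services if (r := classify(name, path))}

if __name__ == "__main__":
    for key, reasons in scan(SAMPLE_SERVICES).items():
        print(key, "->", ", ".join(reasons))
```

A record that matches all three reasons corresponds to the full pattern in the paragraph above; a match on the file name alone is a lead to triage, not a verdict.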

 

The Wiper overwrites personal files contained in the Download, Documents, Pictures, Videos, and Music folders and corrupts the MBR so that the computer is rendered unbootable. The last component, the Reporter, sends data about the compromised machine to the attacker; the data includes information such as the Internet Protocol (IP) address of the system and the name of the domain on which it resides.

 

Read more:

http://midsizeinsider.com/en-us/article/new-malware-threat-deletes-files-and-int