New Windows-backdoor deletes MBR

Antivirus company Trend Micro warns of a new backdoor BKDR_MATSNU.MCB , which is actively promoted through mass mailings, especially in Germany. The malware has the unpleasant feature: a command from the remote C & C-server, or it can block the loading of the PC, or delete the master boot record. Backdoor class ransomware before that extorts money from the victim. Probably, erasing MBR is in retaliation for the fact that the user has refused to pay, although it may be part of the procedure is to hide the evidence produced after payment.

Another anti-virus company McAfee reports a significant increase in MBR-attacks in the I quarter. 2013 . Here is it is not about a backdoor pests, and of Trojans that modify the master boot record for reliable registration system as an administrator.

In I quarter. 2013 McAfee has registered a growth of such incidents by 30%. Among the most popular are mebroot, Tidserv, Cidox and Shamoon.


For information about other trends in the development of malware, refer to the quarterly report¬†“McAfee Threats Report: First Quarter 2013”¬†.


Tagged , , , , ,