Now there’s COVID-19 malware

With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR).

With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes.

The common theme among all four samples is that they use a coronavirus theme and they’re geared towards destruction, rather than financial gain.

MBR-REWRITING MALWARE

Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors.

Some advanced technical knowledge was needed to create these strains, as tinkering with a master boot record is no easy feat and could easily result in systems that didn’t boot at all.

The first of the MBR-rewriters was discovered by a security researcher who goes by the name of MalwareHunterTeam, and detailed in a report from SonicWall this week. Using the name COVID-19.exe, this malware infects a computer in two stages.

In the first phase, it just shows an annoying window that users can’t close because the malware has also disabled the Windows Task Manager.

While users attempt to deal with this window, the malware is silently rewriting the computer’s master boot record behind their back. It then restarts the PC, and the new MBR kicks in, locking users into a pre-boot screen.

Users can eventually regain access to their computers, but they’ll need special apps that can be used to recover and rebuild the MBR to a working state.

By Catalin Cimpanu | April 2, 2020

Click to read the entire article on ZDNet
