Trend Micro researchers recently came across Windows malware that's capable of remotely controlling an infected system and wiping the Master Boot Record.
The malware, BKDR_MATSNU.MCB, is currently being distributed via German spam that claims the recipient owes money, and that details of the debt are included in an attachment. Opening the attachment then executes the malware.
The malware gathers information about the infected PC and sends it to its command and control server. It can then wipe the Master Boot Record, lock the screen and demand payment from the victim to unlock it in classic ransomware fashion, or both, depending on which command or module the command and control server sends.
"For better protection, users should always be cautious be the email they receive and must not readily open any attachments," writes Trend Micro threat response tech lead Lenart Bermejo. "If your system is already infected, it is a safer bet to not pay for the 'ransom,' as paying does not guarantee anything."