{"id":422,"date":"2013-06-13T00:00:00","date_gmt":"2013-06-13T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/06\/13\/mbr-wiping-malware-targets-german-victims\/"},"modified":"2021-12-30T11:37:17","modified_gmt":"2021-12-30T11:37:17","slug":"mbr-wiping-malware-targets-german-victims","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/06\/13\/mbr-wiping-malware-targets-german-victims\/","title":{"rendered":"MBR-wiping malware targets German victims"},"content":{"rendered":"<p style=\"margin: 0px;\">A new MBR-based hack is now targeting German users, who are at risk of having their systems rendered unusable by malware being sent via spam messages. Trend Micro recently uncovered what it terms a \u201cnoteworthy backdoor\u201d as an attached file in certain spam variants sent to German recipients. The spam sample the security firm found tells recipients they have to pay a certain debt, the details of which are contained in the attachment. Like any backdoor, it (BKDR_MATSNU.MCB) performs certain malicious commands, which include gathering machine-related information sent to its command-and-control (C&amp;C) server. 
\u201cThis particular malware, on top of its ability to remotely control an affected system, is able to wipe out the Master Boot Record \u2013 a routine that had previously caused a great crisis in South Korea,\u201d noted Lenart Bermejo, threat response tech lead at Trend Micro.<\/p>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">McAfee\u2019s latest Quarterly Threats Report noted a surge in MBR attacks, where the goal is to infect a machine\u2019s storage system, and from there take control of the entire device.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">The German-targeted malware doesn\u2019t stop at wreaking MBR havoc, though: another feature is the backdoor\u2019s capability to lock and unlock a screen. \u201cThis locking of screen is definitely a direct copy from ransomware\u2019s playbook, in which the system remains completely or partially inaccessible unless the victim pays for the ransom,\u201d Bermejo said.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">Another possible scenario is a version of the MBR exploit that is integrated with the screen blocking routine, which will make the screen locking command easier to execute.<\/p>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">Link: <a 
href=\"http:\/\/www.infosecurity-magazine.com\/view\/32866\/mbrwiping-malware-targets-german-victims\">http:\/\/www.infosecurity-magazine.com\/view\/32866\/mbrwiping-malware-targets-german-victims<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-422","post","type-post","status-publish","format-standard","hentry","category-malware"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=422"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/422\/revisions"}],"predecessor-version":[{"id":2909,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/422\/revisions\/2909"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}