From McAfee Security Advisory MTIS 12-132, recently issued:
Threat Identifier(s): W32/DistTrack
Threat Type: Malware
Risk Assessment: Low
Main Threat Vectors: WAN; LAN; Peer-to-Peer Networks
User Interaction Required: Yes
W32/DistTrack is a highly destructive Trojan capable of overwriting data on targeted machines. Machines infected by it are rendered useless as most of the files, the MBR and the partition tables are overwritten with garbage data. The overwritten data is lost and is not recoverable. The initial infection vector is as yet unknown, but the malware has the capability of spreading via Admin$ shares.
When the initial executable is run it creates a copy of itself in the %SystemRoot%\System32 folder using the name tsksvr.exe. This dropped executable is the wiper module and is responsible for overwriting various files on the hard disk and also the MBR and Boot Sector. The wiper module also drops a file called drdisk.sys, which is a standard component from a commercial application that is used to allow programs low-level access to hard disk drives. The wiper module then uses this to overwrite the MBR and partition tables of the hard disk. The data used to overwrite these sectors is again the JPEG data as shown above. This renders the hard disk unusable, and it will not be recognized by the system after rebooting.
Importance: Low. This threat has gained media attention.
McAfee Product Coverage *
Coverage is provided as "W32/DistTrack" in the 6805 DATs, released August 15. A stand-alone Stinger tool is also available for download.
For more information see
Edit - Alternatively, try the following link (which I was unable to verify because the server was down)
The information in kc.mcafee.com is intended for Business users. The Extra.DAT and Stinger downloads, though, should be effective on Home User systems.
Message was edited by: Hayton on 21/08/12 13:20:42 IST
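Added example, not part of the original post or of McAfee's advisory: a triage pass over a file inventory that looks for the two file names the advisory mentions, treating a local System32 path and the same folder reached through an Admin$ share as one location. The host names, paths, verdict labels and the assumption that %SystemRoot% is `<drive>:\Windows` are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# File names come from the advisory text; hosts and paths below are constructed.
WIPER_NAME = "tsksvr.exe"    # copy dropped into %SystemRoot%\System32
DRIVER_NAME = "drdisk.sys"   # raw-disk driver dropped by the wiper module

SAMPLE_INVENTORY = [         # constructed (host, file path) records
    ("WS-014", r"C:\Windows\System32\tsksvr.exe"),
    ("WS-014", r"C:\WINDOWS\system32\drivers\DRDISK.SYS"),
    ("WS-022", r"\\WS-022\Admin$\System32\TskSvr.exe"),
    ("WS-031", r"D:\Tools\backup\drdisk.sys"),
    ("WS-040", r"C:\Users\amy\Downloads\tsksvr.exe"),
    ("WS-050", r"C:\Windows\System32\tasksvr.exe"),
]

# Admin$ is the share name for %SystemRoot%, so a UNC path through it and a
# local <drive>:\Windows path (assumed layout) point at the same folder.
_ROOT = re.compile(r"^(?:[a-z]:\\windows|\\\\[^\\]+\\admin\$|%systemroot%)(?=\\)", re.I)

def normalize(path):
    """Lower-case a Windows path and rewrite its root to %systemroot%."""
    path = ntpath.normpath(path.strip())
    return _ROOT.sub("%systemroot%", path).lower()

def triage(inventory):
    """Return {host: verdict} for hosts where either file name was seen."""
    seen = defaultdict(set)
    for host, path in inventory:
        norm = normalize(path)
        name = ntpath.basename(norm)
        if name == WIPER_NAME and ntpath.dirname(norm) == r"%systemroot%\system32":
            seen[host].add("wiper")
        elif name == DRIVER_NAME:
            seen[host].add("driver")
    verdicts = {}
    for host, hits in seen.items():
        if hits == {"wiper", "driver"}:
            verdicts[host] = "isolate"      # both artefacts of the described chain
        elif "wiper" in hits:
            verdicts[host] = "investigate"  # name and location match the advisory
        else:
            verdicts[host] = "review"       # driver also ships with a commercial product
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, verdict)
```

File names alone are weak indicators, so a match here is a reason to run the DAT or Stinger scan on that host, not a detection in itself.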