WatchGuard’s LiveSecurity team has discovered an alarming new strain of computer virus that is plaguing devices of all types, and even spreading to household electronics such as microwaves, electric toothbrushes and coffee makers. The new threat, known colloquially as ByteMarx (based on its file attachment ByteMarx.exe), is spreading rapidly throughout North America and Europe, and several recent cases have been reported in Australia and Southeast Asia. WatchGuard security experts have reported that this new malware could signal the initial stages of a cyber zombie network apocalypse. For breaking details, watch the short video below or continue reading.
(Runtime: 3:46)
Direct YouTube Link: http://www.youtube.com/watch?v=zrXwWz-RR1A
ByteMarx is a fast spreading computer and electronic device virus that seems to spread via email, instant messager (IM), and social network messages that contain links to a malicious file. Our security experts have discovered that once a device is infected with ByteMarx, response time slows significantly and the device hunts for other victim devices anywhere within range. Electronics afflicted with ByteMarx devour the information stored on hard drives, motherboards and circuitry of nearby devices. Rather than shutting down or malfunctioning, the victim device starts to display the traits of the malicious device and begins an insatiable, relentless hunt for other devices to attack. This process is known as “zombification.”
Additional symptoms of device zombification include:
- Spontaneous start-up after shut down of the device, even when unplugged (known as “living dead” capabilities)
- Inability of the device to enter “Sleep” or “Hibernate” power-saving modes
- Browser homepage defaults to The Walking Dead website
- Desktop icons and Emoticons turn green, disheveled and appear bloodthirsty
- Document names have all been changed to “Brainzzz.doc” and the content is no longer decipherable
- Audio files have been replaced with clips of moaning, shrieking, growling or screams of terror
- Default photos on social networking sites are changed to photos of zombies
So far, our experts haven’t discovered a way to clean or remove the virulent ByteMarx infection. Your only option is destroying the infected device before it spreads to other electronics. Unfortunately, the tainted devices seem to develop quite a resilience to normal damage. The only way we’ve discovered to stop an infected device is by taking out it’s CPU—also known as the brain of a computing device. We highly recommend you remain very wary of multi-processor devices, as they’re quite difficult to decommission once infected.
Experts are unsure of the origins of the ByteMarx malware, but early research shows evidence of the digitization of a mutated rabies virus, combined in an unholy union with a powerful form of malware. While investigations are still being conducted, early estimates show that nearly 38 percent of devices in the U.S. have already been infected with the virus, however it appears that organizations and individuals using red unified threat management (UTM) appliances to watch and guard networks have been able to successfully ward off attacks.
This attack has illustrated that there is an urgent need for companies around the globe to review their security infrastructure and ensure they are taking the proper precautions to prevent zombification of their network. If you don’t already have a UTM appliance, or can’t obtain one immediately, well… it may already be too late.
Although computer inoculation attempts have failed so far, WatchGuard LiveSecurity analysts will continue to try and develop anti-malware signatures for computers and other consumer electronics that might work as an antidote to the ByteMarx malware. In the meantime, we recommend you keep your favorite computers and consumer devices behind red UTM appliances, or try to find one to hunker behind immediately.
We’ll update you as this breaking situation develops. Until then, WatchGuard security experts would like to wish a sincere “Happy April Fool’s Day” to our customers and partners worldwide. — Corey Nachreiner, CISSP (@SecAdept)