
W32.Disttrack

Posted: August 16, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 16
First Seen: August 16, 2012
OS(es) Affected: Windows

W32.Disttrack is an upgraded variant of the dreaded Shamoon, a worm that attracted significant interest from PC security companies due to its direct attacks against crucial components in the system boot process. Besides including Shamoon's previous features, W32.Disttrack has widened its path of destruction to encompass many other files, including media-related content, and can be even more dangerous to the contents of your PC than the already-vicious Shamoon worm. SpywareRemove.com malware analysts recommend particularly strong network security as one of the most important methods of keeping W32.Disttrack away from your computer, since W32.Disttrack utilizes networks to infect new PCs, an infection vector that Shamoon also used to damage tens of thousands of computers in Middle Eastern attacks.

W32.Disttrack: Putting Your Hard Drive on the Fast Track to Annihilation

W32.Disttrack, like its recent ancestor Shamoon, automatically installs itself through local networks and removable devices when vulnerabilities present themselves. Avoiding unnecessary sharing of USB flash drives and keeping high security settings for network-shared folders should be considered absolutely crucial to minimize W32.Disttrack's distribution. While most Shamoon attacks have been associated with industrial targets (such as the Saudi Aramco oil company), SpywareRemove.com malware experts have noted that W32.Disttrack's functions are just as dangerous to personal computers and lack any strict prerequisites that would limit their targets to any government or business-based systems. Local domains are explicitly targeted by W32.Disttrack's attempts at propagation.

W32.Disttrack, unlike earlier Shamoon-based worms, targets a broad range of files in addition to the MBR (Master Boot Record) and overwrites them with randomized data (as opposed to the burning flag image that was preferred by Shamoon). Files that SpywareRemove.com malware experts can confirm as being targeted in W32.Disttrack's data-overwriting attacks include any files in a folder or subfolder whose name contains any of the following text strings:

  • Desktop
  • Document
  • Download
  • Music
  • Picture
  • Video

For example, any stored content in the default Windows folder 'My Documents' would be overwritten by W32.Disttrack. So far, SpywareRemove.com malware analysts note that files that are in locations that don't reference these text strings are unaffected by W32.Disttrack's attacks.
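Because the targeting is driven by folder names, the same strings can be used to inventory which data most needs an offline backup. The following is an added example, not code from SpywareRemove.com or from the worm: it walks a directory tree and totals the files sitting under any folder whose name contains one of the listed strings. Case-insensitive matching, the function names and the sample directory layout are assumptions made for the illustration.

```python
import os
import tempfile

# Folder-name strings this page lists as targeted for overwriting.
TARGET_STRINGS = ("Desktop", "Document", "Download", "Music", "Picture", "Video")

def exposed_folder(rel_dir):
    """Return the shallowest folder in rel_dir whose name contains a listed string, else None."""
    parts = []
    for part in rel_dir.split(os.sep):
        parts.append(part)
        # Assumption: case-insensitive substring match (the page does not specify case).
        if any(s.lower() in part.lower() for s in TARGET_STRINGS):
            return os.sep.join(parts)
    return None

def exposure_report(root):
    """Map each exposed folder under root to its file count and total size in bytes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        folder = exposed_folder(os.path.relpath(dirpath, root))
        if folder is None:
            continue  # only folder names matter; a file called Music.txt elsewhere is not counted
        entry = report.setdefault(folder, {"files": 0, "bytes": 0})
        for name in files:
            try:
                entry["bytes"] += os.path.getsize(os.path.join(dirpath, name))
                entry["files"] += 1
            except OSError:
                pass  # file vanished or is unreadable; skip it
    return report

def build_sample_tree(root):
    """Create a small constructed directory layout for the demonstration."""
    sample = {("alice", "My Documents", "tax", "2012.xls"): 120,
              ("alice", "Downloads", "setup.exe"): 300,
              ("alice", "projects", "Music.txt"): 50,
              ("srv", "backup_videos", "cam1.avi"): 1000}
    for parts, size in sample.items():
        full = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        ranked = sorted(exposure_report(tmp).items(), key=lambda kv: -kv[1]["bytes"])
        for folder, stats in ranked:
            print(f"{stats['bytes']:>8} bytes  {stats['files']:>3} files  {folder}")
```

Only folder names below the root passed to exposure_report are checked, so point it at a drive or profile root rather than at a folder that itself matches.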

The Trouble in Catching W32.Disttrack Red-Handed

W32.Disttrack, just like its close relative Shamoon, also deletes itself and overwrites the MBR in the final stages of its attack. This causes the W32.Disttrack-infected PC to be unable to boot while also removing most traces of the original W32.Disttrack infection's existence. Because recovery from such attacks requires that you repair your MBR with an appropriate OS installer, SpywareRemove.com malware analysts recommend that you use anti-malware software to block W32.Disttrack infections proactively, rather than attempting to delete W32.Disttrack after W32.Disttrack has already compromised your PC.

Files that are overwritten by W32.Disttrack can be considered no better than deleted, and, in light of Shamoon's continued development under the name of W32.Disttrack, this should be considered an excellent reason to make regular backups of important files. Remote backups on separate USB devices can be considered ideal to prevent any possibility of W32.Disttrack infecting your backups along with the originals.
