These days we’ve come across a new worm with old intentions. It has been detected as W32/Mseus.A, though it comes together with two friends W32/Mseus.A.worm and Rootkit/Mseus.B, a lovely bunch.

It’s very curious how social engineering is being used to trick users, this time appealing to the users’ vanity to check if they can be accepted as Mensa members.

When the malware is run, it drops different files in the computer. One of them is the IQ test, which when it is run, it displays a screen like the following, explaining us (in Czech) the aim of the test, what Mensa is and more information about this organization.

Although you get a great result in the test, your joy will be temporary when you find out what kind of malware has been installed in your computer. As it was said in The Exorcist, “The evil is within you”. You have a virus and a worm. We are on sale.

This virus overwrites the first 50kbs of the MBR with zeros, but it waits between 7 and 10 days before doing this, and meanwhile it attempts to spread through removable drives. I thought the MBR nightmare had come to an end. However, it still remains among us.

Curiously, the initial target of this attack was a motorcycle club, so maybe they’ve changed their name from “The Hell Angels” to “The Malware Angels”. But, if it were Homer Simpson’s club, it would be “The Malware Satans”.

For more information about this virus, click the links below:

In English: http://pandasecurity.lin3sdev.com/homeusers/security-info/217269/Mseus.A

In Spanish: http://pandasecurity.lin3sdev.com/spain/homeusers/security-info/217269/Mseus.A