Terrorist’s manifesto used to spread disk-wiping malware

Graham Cluley

New Zealand shooter's manifesto used to spread disk-wiping malware

The world was horrified earlier this month by the mass-shootings of worshippers at mosques in Christchurch, New Zealand.

The alleged culprit reportedly distributed a 73-page so-called manifesto entitled “The Great Replacement”, chockablock with white supremacist rhetoric.

The document was circulated on forums and social media websites, and – in an attempt to prevent its spread – New Zealand’s government classified it as “objectionable”, and made it a crime to possess or distribute it anywhere in the country.

Well, if you needed any other reason not to hunt the internet for a copy of “The Great Replacement” to download, here’s one from the research team at security firm Blue Hexagon.

As researcher Irfan Asrar describes, someone has taken a copy of the shooter’s Word document and weaponised it to download malicious code from the internet.

Anyone opening the modified manifesto could find their computer’s Master Boot Record (MBR) destructively overwritten, and as their Windows computer reboots they’ll be faced with a message:

This is not us!


In many ways it’s a throwback to the early days of malware, when some viruses would overwrite a PC’s boot-up code and display messages such as “Your computer is now stoned!”. And yes, virus historians, I’m well aware that the Stoned virus was also known as New Zealand…

This new malware hasn’t been created to grant remote hackers access to an infected PC, nor to steal files, or hold the victim to ransom. My guess is that whoever created the malware-laden version of the document was outraged by the horror of the shooting of innocent people, and simply wanted to bloody the nose of anyone showing an unhealthy interest in it.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

6 Replies to “Terrorist’s manifesto used to spread disk-wiping malware”

  1. Wow, for a "security" website you sure have no idea what you are talking about. Just another garbage clickbait site to avoid.

    Disk-wiping? That's not a stretch, it's a blatant lie or the ramblings of a confused old man.

    Either way it shows everything on this site is misinformation.

      1. MBR is only 512mb so far from an entire hard drive. It's like 1 grain of sand from a bag of sand. But a pain on the bum for someone who's not tech savvy to fix.

        1. I remember in the old days some folks would reformat their hard drives when they discovered they had been infected by an MBR virus like Stoned – not realising that they had just wiped all of their hard drive, *apart* from the virus. Oops!

  2. This is awesome, shame just wipes the MBR. As a previous cretin has pointed out, it won't stop people reading it, but it might put a few people off.
