New Worm Targets Portable Memory Drives

Researchers from security vendor Sophos say a new worm targeting removable drives, called the SillyFD-AA worm, searches for removable drives such as floppy disks and USB memory sticks and creates a hidden autorun.inf file which makes the worm execute the next time the device is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE." The threat of this particular worm is limited, partly because up-to-date desktop anti-virus software should be capable of intercepting the virus when it tries to run.

Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place...they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets," said Cluley.

Sophos' security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said. "Companies may also consider installing software which locks down and controls access to external drives such as USB sticks. In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive," said Cluley.

News source: eWeek

Report a problem with article
Previous Story

Europe switches on to internet TV

Next Story

U.S. To Keep Internet Gambling Ban

11 Comments

Commenting is disabled on this article.

"This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place...they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets," said Cluley.

Cluley is obviously cluless as most modern antivirus scanners scan attached devices.

Eh? Ordinary USB keys can't be used to autorun using the autorun.inf files. In fact, there's a whole line of special USB keys to do this (U3)!

No, USB keys can be made to do this, albeit with user interaction... (I've done it :cheeky: )
In my experience Windows "asks" first - "what do you want to do with your USB drive?", and your option is in the list - so I s'pose the tool who made this would have to make it look all pretty and appealing... e.g. "Free pr0n!"

... Ok, maybe not the last bit.

Esvandiary said,
No, USB keys can be made to do this, albeit with user interaction... (I've done it :cheeky: )
In my experience Windows "asks" first - "what do you want to do with your USB drive?", and your option is in the list - so I s'pose the tool who made this would have to make it look all pretty and appealing... e.g. "Free pr0n!"

... Ok, maybe not the last bit. :rolleyes:

I've witnessed keys that will still run regardless.. but also some that deliberately garble the "Open" when you right click on it and it will auto run the program then as well.

We've had 2 different USB based virusii going around at uni. Luckily I have a macbook so I can keep cleaning my friends keys.