Researchers from security vendor Sophos say a new worm targeting removable drives, called the SillyFD-AA worm, searches for removable drives such as floppy disks and USB memory sticks and creates a hidden autorun.inf file which makes the worm execute the next time the device is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE." The threat of this particular worm is limited, partly because up-to-date desktop anti-virus software should be capable of intercepting the virus when it tries to run.
Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place…they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets," said Cluley.
Sophos’ security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said. "Companies may also consider installing software which locks down and controls access to external drives such as USB sticks. In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive," said Cluley.
News source: eWeek
Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place…they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets," said Cluley.
Sophos’ security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said. "Companies may also consider installing software which locks down and controls access to external drives such as USB sticks. In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive," said Cluley.
News source: eWeek
In my experience Windows "asks" first - "what do you want to do with your USB drive?", and your option is in the list - so I s'pose the tool who made this would have to make it look all pretty and appealing... e.g. "Free pr0n!"
... Ok, maybe not the last bit.
In my experience Windows "asks" first - "what do you want to do with your USB drive?", and your option is in the list - so I s'pose the tool who made this would have to make it look all pretty and appealing... e.g. "Free pr0n!"
... Ok, maybe not the last bit.
I've witnessed keys that will still run regardless.. but also some that deliberately garble the "Open" when you right click on it and it will auto run the program then as well.
Cluley is obviously cluless as most modern antivirus scanners scan attached devices.
Ok who are the idiots not runing AV protection on their desktops, you all deserve to get hit with viruses!!
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.