New worm spread via USB flash drives
By Rene Millman,
Experts have warned users of a new type of worm that propagates itself via USB flash memory devices.
The SillyFD-AA worm has been shown to search for removable drives on a computer and then makes copies of itself on these devices. It then creates a hidden file called "autorun.inf" which runs the worm next time the flash drive is plugged into a Windows computer. It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".
Graham Cluley, senior technology consultant at anti-virus firm Sophos said that USB drives are increasingly being given away at trade shows and in direct mailshots as they are now so cheap.
"Marketing people are prepared to use them as 'throwaways' with the aim of securing sales leads," he said. "Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it."
He said that with a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals "bent on targeting a specific business with their malicious code."
He said that hackers are now looking for less defended entry points into organisation's infrastructure and USB devices offered a way in.
"In this example, changing the title of the Internet Explorer browser's windows should be a pretty clear sign to most people that something strange is afoot," said Cluley. "It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue."
He said that users should consider disabling the autorun facility of Windows so removable devices such as USB keys and CD-Roms do not automatically launch when they are attached to a PC.
advertisement
Latest Security Features
NHS IT - something to celebrate?
To mark the 60th anniversary of the NHS, IT PRO examines the massive IT overhaul at the health services giant.
- Q&A – Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
- Behind the scenes: Symantec's malware battle
- The rise of storage security
- Google Mail Security
- Demand for tougher data breach legislation
- An Audience with Bill Gates
Latest Security Reviews
Finjan Vital Security Web Appliance NG-6000S
Rating: 
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
- EXCLUSIVE: Astaro Security Gateway 120 Appliance
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?