New Worm Targets Portable Memory Drives

May 05, 2007

Sophos researchers say worm is an example of hackers targeting removable devices in an effort to get around security.

Researchers from security vendor Sophos say a new worm targeting removable drives is an example of a potential security threat for businesses.

The SillyFD-AA worm searches for removable drives such as floppy disks and USB memory sticks and creates a hidden file called autorun.inf so that a copy of the worm runs the next time the device is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE."

In an interview with eWEEK, Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging.

"It is interesting to see hackers using different techniques in their attempt to break into peoples' computers," said Cluley, in Abingdon, United Kingdom. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place…they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets."

Sophos researchers said hackers are increasingly looking for ways to attack businesses that will meet less resistance than more traditional e-mail-borne viruses and malware. The company's security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said.

"Companies may also consider installing software which locks down and controls access to external drives such as USB sticks," Cluley said. "In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive."

Sophos officials recommend companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.

However, the threat of this particular worm is limited, partly because up-to-date desktop anti-virus software should be capable of intercepting the virus when it tries to run after a user has plugged in the USB memory stick, Cluley said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Madison, Wis., becoming a force in video game industry

add to favorites email to friend print save as pdf

Related Stories

When the ATM runs Windows, how safe is your money?

Oct 13, 2014

How safe is Microsoft Windows? After all, the list of malware that has caused major headaches worldwide over the last 15 years is long – viruses, worms and Trojans have forced computers to shut down, knocked South Korea offl ...

Is your USB stick the enemy?

Aug 12, 2014

Computer users everywhere are looking at the USB stick sat next to their computer this week with trepidation. Many are now wondering if this trusted friend has turned against them now that cybersecurity experts ...

Global wave of Flame cyber attacks called staggering

May 28, 2012

(Phys.org) -- Kaspersky Lab has discovered complex malware that has been in operation for at least five years, collecting data from countries including both Israel and Iran. Kaspersky experts think the masterminds ...

NATO mobilises for cyber warfare

Nov 18, 2010

In 1989, before the Internet revolution, Suleyman Anil was the lone man in charge of the security of NATO's IT system, armed with a single computer.

Recommended for you

N. Korea suffers another Internet shutdown

7 minutes ago

North Korea suffered an Internet shutdown for at least two hours on Saturday, Chinese state-media and cyber experts said, after Pyongyang blamed Washington for an online blackout earlier this week.

Sony's PlayStation 'gradually coming back'

7 minutes ago

Sony was still struggling Saturday to fully restore its online PlayStation system, three days after the Christmas day hack that also hit Microsoft's Xbox, reporting that services were "gradually coming back."

Chattanooga touts transformation into Gig City

8 minutes ago

A city once infamous for the smoke-belching foundries that blanketed its buildings and streets with a heavy layer of soot is turning to lightning-fast Internet speeds to try to transform itself into a vibrant ...

Uber broke Indian financial rules: central bank chief

10 minutes ago

India's central bank chief lashed out at Uber, already under fire over the alleged rape of a passenger, saying the US taxi-hailing firm violated the country's financial regulations by using an overseas payment ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.