New Worm Targets Portable Memory Drives

May 05, 2007

Sophos researchers say worm is an example of hackers targeting removable devices in an effort to get around security.

Researchers from security vendor Sophos say a new worm targeting removable drives is an example of a potential security threat for businesses.

The SillyFD-AA worm searches for removable drives such as floppy disks and USB memory sticks and creates a hidden file called autorun.inf so that a copy of the worm runs the next time the device is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE."

In an interview with eWEEK, Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging.

"It is interesting to see hackers using different techniques in their attempt to break into peoples' computers," said Cluley, in Abingdon, United Kingdom. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place…they can scan files coming into their company via e-mail attachments, but can't check the files coming in attached to the keychain in peoples' pockets."

Sophos researchers said hackers are increasingly looking for ways to attack businesses that will meet less resistance than more traditional e-mail-borne viruses and malware. The company's security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said.

"Companies may also consider installing software which locks down and controls access to external drives such as USB sticks," Cluley said. "In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive."

Sophos officials recommend companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.

However, the threat of this particular worm is limited, partly because up-to-date desktop anti-virus software should be capable of intercepting the virus when it tries to run after a user has plugged in the USB memory stick, Cluley said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: OrangeSec pair said Cortana visited Android

Related Stories

Iran poses growing cyber threat to US

Apr 16, 2015

Iran poses a growing threat to America's computer networks and has launched increasingly sophisticated digital attacks and spying on US targets, according to a new report released Thursday.

US spymaster warns over low-level cyber attacks

Feb 27, 2015

A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital "armageddon," US intelligence director James Clapper said on Thursday.

Powerful cyber spy tool linked to US-led effort

Feb 17, 2015

A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.

When the ATM runs Windows, how safe is your money?

Oct 13, 2014

How safe is Microsoft Windows? After all, the list of malware that has caused major headaches worldwide over the last 15 years is long – viruses, worms and Trojans have forced computers to shut down, knocked South Korea offl ...

Recommended for you

OrangeSec pair said Cortana visited Android

9 hours ago

Can, did, Cortana work on Android? A talked-about act at droidcon 2015: a presentation titled "Cracking Cortana." The OrangeSec team arrived at the Turin, Italy, event to show their work in a CortanaProxy ...

Report: Trusted Voice option rolling out for some

Apr 15, 2015

Smart Lock is arguably the best new feature in Android Lollipop, wrote Droid Life founder "Kellex" in March. With a secure lock screen set, he said, the user gets a number of options in Smart Lock to keep the phone or tablet quickly unlockable w ...

Redirect to SMB vulnerability in Windows discovered

Apr 14, 2015

News stories on tech spots on Monday reported that the Irvine, California, security company Cylance's SPEAR research team discovered a vulnerability relating to all versions of Windows including the Windows ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.