NOW READ THIS
("Security Advisory")
Go Back
Submitted by: Bill Hickey
NCVA List Master
NRT-0174 Worm Targets Portable Memory Drives:
A researcher from security vendor Sophos says a new worm targeting removable drives is an example of a potential security threat for businesses. The SillyFD-AA worm searches for removable drives such as floppy disks and USB memory sticks and creates a hidden file called autorun.inf so that a copy of the worm runs the next time the devices is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE". The company's security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware BEFORE use, Sophos officials said. "USB keys are increasingly being given away at tradeshows and in direct mailshots, with marketing people using them as 'throwaways' to secure sales leads," says Brett Myroff, CEO of master Sophos distributor, NetXactics. Sophos experts noted that as more businesses now have strong defenses in place to protect against email-aware viruses and malware, hackers are increasingly looking for other less-well-defended routes, including USB keys, to infect innocent users. In this example, changing the title of the Internet Explorer browser's windows should be a clear sign to most people that something strange is afoot, says Myroff. "It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A savvier internet criminal would not have made it so obvious that the PC has been broken into."
Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code, which could infect the computers of innocent users.
(eWeek 04MAY07 // www.networktimes.co.za 07MAY07)
Last Modified: Saturday, 12-May-2007 08:24:59 EDT