Automatic USB Malware Discovered

Sophos : 19 July, 2010  (Technical Article)
A zero-day vulnerability exists for USB devices even with AutoRun disabled, presenting a considerable threat to unprotected users.
Experts at IT security and data protection firm Sophos are warning computer users of a rootkit that can install itself automatically from a USB memory stick onto a fully-patched PC, even if the user has disabled the Windows AutoRun and AutoPlay features.

The W32/Stuxnet-B rootkit exploits a vulnerability in the way Windows handles .LNK shortcut files that allows them to execute automatically if the USB stick is accessed by Windows Explorer. Once the rootkit is in place, it effectively enters 'stealth-mode', cloaking its presence on the infected PC.

'Threats such as the infamous Conficker worm have spread very successfully via USB devices in the past, but were in part reduced by disabling AutoPlay. The risk is that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking things to a whole new level,' explained Graham Cluley, senior technology consultant at Sophos. 'The exploit is still being analysed by the security community, but there are disturbing suggestions that the malware could be trying to access data specific to Siemens SCADA systems - software that controls national critical infrastructure.'

Curiously, the suspicious driver files carry the digital signature of Realtek Semiconductor Corp, a major supplier of computer equipment.

'It's important not to overreact to this threat, as the exploit has only recently been discovered and the security community has not yet established the extent of the risk to SCADA systems. But the fact that SCADA systems are involved at all does mean that everyone will be examining the attack closely. Eyes will also be turned to Microsoft to see how they will respond to what appears to be another unpatched vulnerability in their code that is being exploited by hackers.'

Sophos detects the malicious files involved in the attack as W32/Stuxnet-B.
   © 2012 ProSecurityZone.com