Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

USB worm attacks removable media.

Sophos : 20 June, 2007  (Technical Article)
The LiarVB-A worm spreads through removable media attached to USB ports or floppy disk drives to spread AIDS message.
IT security and control firm, Sophos, has discovered a worm which copies itself onto removable drives, such as USB flash drives, in an attempt to spread information about AIDS and HIV.

The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC. Once it has infected a system, it drops an HTML file containing a message about AIDS and HIV to the user's drive.

'Much of the malware we see is designed to generate income for the hackers, but this worm is different in that respect - it appears that the motive was to spread information about AIDS instead,' said Graham Cluley, senior technology consultant at Sophos. 'Even though the hackers responsible for this worm aren't set on filling their pockets with cash, and may feel that they are spreading an important message, they are still breaking the law. In the future we might see more graffiti-style malware being written on behalf of political, religious and other groups looking for a soapbox to broadcast their opinions.'

At the bottom of the HTML file there is a message which claims the worm causes no harm. It reads as follows:

'This file Doesn't make harmful change to your computer. This File is NOT DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't Disturb any Data or Files on your computer and FlashDisk (USB). So Dont be affraid, and Be Happy !'

'It's nonsense to say that this worm doesn't harm computers - it makes changes to a PC's settings and overwrites files,' continued Cluley. 'There is no such thing as a useful virus. Companies should be allowed to decide for themselves what code runs on their computers rather than virus writers thinking it's okay to inject whatever code they like into corporate networks.'

Last month, Sophos warned about another family of worms which targeted flash drives, changing installations of Internet Explorer to say that they were 'Hacked by 1BYTE'.

Sophos experts advise that users disable the autorun facility of Windows so that removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for viruses and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.

This is not the first piece of malware to be associated with information about AIDS. In 1989, Dr Joseph Popp distributed an AIDS information floppy disk to more than 20,000 people. The Trojan horse program on the floppy disk would trash users' disks if they did not send money to a rented post office box in Panama. Popp's creation is considered one of the very first examples of ransomware.

Sophos recommends companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo