Printer Friendly
The Free Library
14,506,428 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

USB flash drive worm spreads.


Sophos has discovered a worm which spreads by copying itself onto removable drives such as USB flash drives, in an attempt to spread information about AIDS and HIV HIV (Human Immunodeficiency Virus), either of two closely related retroviruses that invade T-helper lymphocytes and are responsible for AIDS. There are two types of HIV: HIV-1 and HIV-2. HIV-1 is responsible for the vast majority of AIDS in the United States. . The worm W32/LiarVBA- worm hunts for removable drives such as floppy disks and USB memory See USB drive.  sticks (as well as spreading via network shares), and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC An x86-based computer that runs some version of Windows. See x86 and Windows. .

Once it has infected a system it drops an HTML HTML
 in full HyperText Markup Language

Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web.  file containing a message about AIDS and HIV to the user's drive. The worm drops an HTML file containing a message about AIDS.

At the bottom of the HTML file there is a marquee message in white writing on a pink background. The message which scrolls from right to left reads as follows: 
This file Doesn't make harmful change to your computer. This File is NOT
DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't
Disturb any Data or Files on your computer and FlashDisk (USB). So Don't
be affraid, and Be Happy!


A scrolling message displayed at the bottom of the HTM file An alternate file extension for HTML files. HTML files originated with Unix, where Web pages are commonly identified with an .HTML extension. The .HTM is an alternate in the Windows world, because three-byte extensions (.EXE, .DOC, etc.) are so commonly used.  claims that the worm causes no harm. Last month Sophos about another family of worms which targeted flash drives, changing installations of Internet Explorer to say that they were "Hacked by 1BYTE".

www.sophos.com
COPYRIGHT 2007 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Security News and Products
Publication:Software World
Date:Jul 1, 2007
Words:230
Previous Article:Kaspersky Wi Fi survey.(Security News and Products)
Next Article:PCI Security Vendor Alliance.(Security News and Products)



Related Articles
COUNTY MAY DROP JIM BROWN DEAL.(News)
Crescent rising.(Business)(Arlie & Company's booming 'urban village' is generating buzz)
OBITUARIES.(Vitals)(Obituary)
Lauderdale breaks through for Ems.(Sports)(The third baseman goes 4-for-4, and Canham comes through with a grand slam in a 9-7 victory over Vancouver)
All set up for display, firm adds direct sales.(Business)(Customers can buy Gibson Holders' stands at its Web site and its local showroom)
Stealth advertising incidents analyzed by UO professors.(Higher Education)(The practice of blurring news and advertising is more and more common, the...
$12 COTTON CANDY ASIDE, CIRCUS STILL THE 'GREATEST'.(LA.COM)
Skin care.(focus on INFECTION CONTROL)
Body cleanser.(focus on INFECTION CONTROL)
Disinfectant Wipes.(focus on INFECTION CONTROL)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles