Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


New Worm Targets Portable Memory Drives



 By: Brian Prince
2007-05-04
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Sophos researchers say worm is an example of hackers targeting removable devices in an effort to get around security.

Researchers from security vendor Sophos say a new worm targeting removable drives is an example of a potential security threat for businesses.

The SillyFD-AA worm searches for removable drives such as floppy disks and USB memory sticks and creates a hidden file called autorun.inf so that a copy of the worm runs the next time the device is connected to a computer running Windows. In addition, it changes the title of Internet Explorer windows to say that the computer has been "Hacked by 1BYTE."

Resource Library:
In an interview with eWEEK, Graham Cluley, senior technology consultant at Sophos, said the worm has not been widely distributed, and that researchers were warning the public because of the potential danger. It would be easy, he continued, to add to the worm the ability to transmit through other routes, such as e-mail and instant messaging.

"It is interesting to see hackers using different techniques in their attempt to break into peoples computers," said Cluley, in Abingdon, United Kingdom. "This type of attack is perhaps understandable as so many businesses these days do have e-mail gateway protection in place…they can scan files coming into their company via e-mail attachments, but cant check the files coming in attached to the keychain in peoples pockets."

Sophos researchers said hackers are increasingly looking for ways to attack businesses that will meet less resistance than more traditional e-mail-borne viruses and malware. The companys security experts advise users to disable the autorun facility of Windows so removable devices do not automatically launch when they are attached to a computer. Any storage device that is attached to a computer should be checked for virus and other malware before use, Sophos officials said.

An old worms return provides a reminder to keep security up to date. Click here to read more.

"Companies may also consider installing software which locks down and controls access to external drives such as USB sticks," Cluley said. "In some firms this may make sense not just because of the malware threat, but also the problem of employees stealing sensitive or confidential information out of a company on their USB drive."

Sophos officials recommend companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.

However, the threat of this particular worm is limited, partly because up-to-date desktop anti-virus software should be capable of intercepting the virus when it tries to run after a user has plugged in the USB memory stick, Cluley said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: New Worm Targets Portable Memory Drives
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}v⸲ZI>13IC/H!d3=2OͶMyo$v ݽϝI\RJR{{o~$rhiOH1%3zTwI}"I~xk#(7 Z)rduBԲ\3fөS7?`+,Q  tjOt0]2ds6!esM'cߨ``1Zm8lRB'Ajw(EJh]P(uxe$oqP}ؾ_T9ÙNL}! {>"B%h1Qus_7?~#fgB(ʻFziҖGdd9-r4=y͠*{ /\1r.ddqM[C/,gOrDƞ4HC+d!LJ^`:r,#GNX STVHf̴;kj4[kbc{K 7}($gtj.vߟF?(k8Q1̋)g?LG$9N؎MWEnڏMKm_j| 4v: 8" z5zxKHU6м)g_2o:vt\a_dY3򆳀ML6oS_֭cU)Zp\*Vr7mù,^|6q*syݙ/ EU ns~#>GA GfmG)-Ǒ4Pt;׽~l@.{oQ\`'HH_LZ.JX<řȃ Tr3 u3P礋\獒A_pa鰨cX@vqna5= 3+i3YN:AK~2/NMN /fٚY JdT0LzUYsY;>'g:Qڟ-lOkկ`:['^=:$~Y䎺540V+JJ-2OUL}xE$Y)rk"ٞBd}#;gcM<~xAh6 2Ta]vjWЬrxx[cW) >rƒ5$yWϝ7hr Ce)#p?SͅIhJq䠉c,YSl؅ RNFB@ X\U>q"E[fT}O 8{3Bqɝ`g@ы BD4?CC0"pd/nj?uK˚ɻfuݜn҅5]We wUCLK\zcOguEW~?u~]8^%g 5F0 heݴ%!8W5MGZ9LG탯fv\ JG-dj`qayΔA7vφ:NQm6?3jY}vi | I}Цޣ87}M H/0i\~{ͥn<&tayPŞ+ CߜQo^ϩ`I l"vڹe3%P͝HCJ$l%KW{́n '[ArS.hfh:6-yL#;WO{6R^)#0k4;a\(*JDelq-Zr3v,˹Ϧ qzI8|1L`_miT83G,#BUFDe 3/?4X)029_ >YP߉ ܕVR5]֙32-Rn:=9Ģ\Qۂ+B% ` N {ҧ|h:>#X& ,#E .2 JA46\,0|,W*Uˈ`n+V/( 7]@.&X Ӟ?DNS}O].C+DÜU^-bx/$jXU#rC(Jz\R*qVJ/wq)4ޜ)rs`~>g4Mc٧Pz; gn!Wڒߙ[W`eaSƘ=H?`SEt/ÊT);s9W*RD['ɂX VPŖGask'k0EC?% H*7hRhý23URzJM;OP,';Ђw>+? iQYf0`%5-*Jqe(ޒQ' Cŕ9 G[ݮcfu>:k}\W ZQa߯EUX^ :څHQi3 9| q?qߎ3XAmbJxނ9"yea@WIl֊hL;[JONMа6>̋yL[u3up]g8 oivQly2B#d߉g&z>m!\Dr?nnxPC"ǣj9`LfaN'1• u?akF&wLŌY2r L_AF`52A.rWD wl~+㧐osC/ܒ; f 퇫|*81FlK6,~xVf6)E|\D"pLnapzCdD">iK-&an$0|[rR)Y {4wl^?iJ#whk _R{4@,!Y* e 4v=.EЋ1ui&&l|dǶGe7M#3pTAkoZ,UeX379󊅚R9lz(rM5E |jŏh(5rHD!I(u(%ťIպi2RKbU)b<*쵊jdm  l⊖vJͥg`kH?"B55a2OvF^Iў@|b0hAw53yB8f'Su$N,+!Uq]w3M#>րh k0~f YV|ejMRԞD'L4 |bߏ uRģTTS7=5>A"wS[U5c:#RRhwĶZVr?'}Da!`T}VDw),E~w9ހg9 |R)TUdP%\xO}+4CZoi‚'Tnz߽\'Gwƒ"'!Z+73,qvëV15/ȷ\~>Z+> п"}QL X7I@ Ew%]7U}ֻHgn1`<=W~g]fcr;)Zyyϵ%<47sjzDV%]>\N͏-øBoٳP K cD16bx+]=/aoVta.g BF@qDWNzA+t:Kߧ5?wL.:m)ޠw%y07&Լ輻n48 `xѤȢ8B̔cxH>ן6 Bj Bu\z׭5g^ |ƹ}UYhrslPT4GS!ކq֭̚_f?ĄB?jΎy0P(  c@JA=6ohuWOi{kD-bcaJFrM=#ijVwLW$'Q):(9QA(Kѷo%F߀>1K_4~ ɮPRpL6as\|$B2^'28/:}hp)9 ڏIa]Zil} zsDaP;DZ3pu*dhw+-R!UkEwWcU+TFE:'%:mB}ޟ{_14+ߙL,*z5\mvkfv?sL:>dOC@/-vd1^4Yo a'AXyMwVrl8w@rs&8<#P`-ݺܭ)“g$`D@3=ég涣A jm3JN XW+iƟp$|+؊wOZ{kE|;̔-u\wW)&5!%O4y˭ LdT/soFK[⹏^}lQߏo^%~<-KX#Nh<:KBguT*~`.z_n:8Yz9/l< *,޽ SsΗzvnbJD~M**O";pi=j,0a΄#@< gtcd1qWZ7^ЖztfښYZ53M\:ЮU8TC9^î@d4/=0v^SzۚJA)DZ8YvD5tW^aWx4 ʏ7v}1eUe CO4@ 3\,#ƴ2b㡮RL(#+72g@Z. C TSr0,>sH,(}eȉNx| _Bh3dAWҠ,+Dϝ{iଷYM4| T 'pre}y H6cCvbE^a} Pr+Җ[wF(e$ + 3,$ .@ Rs,|חRTTʊ,r w1a@ 9h% 㿇s{eS 3}sZdn3o o.IQ$u(nZc+ &'~,a8 覥҉Z>T3 g KX̙DXX eO#M@GRvdBY*Tes1_;<.d@l|6u0_{R\=J*N)8Hr{=R& ʎhVnk+=;ԃ;Z-m) .L"=0PIS%O}&ׅ}0ye+ۉ3*RA m9x1nH0`}tSIMwIWΓ>Lt {uGFxQB"aDaEX$Vv◒Rޖ_*ϯI"2ގY6S_,3xE`Nx}gz# P]d*Q9vf VߔJ@Ajc+K,0Sy>x9R.U v!%tC$`p/Fy"mXǑv7ҶW{.cY%uf@cX '5A]A" %j岚fYCM,xM v|Zdz iOxywZUx2wR["=~#J1E) S% RtI'ׇo2aEtMgzO;hfj7zHRTo숈ƈhHFֈh-$J<..kQK5ӱ7 |l61͓KcPMb]d0iavCt_ykw}3"ϷwI; u4&{oeN3`b'4ݰM#X ݳaCdlNnjs­[ԘP1=fK.}6/@ yB5ϗN `F2]|N $MI7;آҖC\~gl55|{WH9>lC.ϻ`6-j"!,Ւ,#~HՄ#܈e."|w1/G|$k<-"(;@"2݉䌙m(6WS*ab0L+ZQmsvh6P? CXTLJmhs5NG,a4r^|~#tKvx6Te3b.uf1 7t"xA%I7I&?HP\;?};<[;wR0qZ= bYC( /r8M,3X4]Pw>p]o/|q{q FJW_[=6]?r[ON 8]1lNÔ4v\2OoJt 嗷!Z P4Wj@b#+}6gԭa.?[+ BlG#(52 _0̟qm;SBSʜCmatd;zݜLN%%?۾^c+@mU-06EaVz򽫡9ϫoo#fyjZ^Y,ffglp(h˼tec ~}P2H2@04ƗY'RI1Ʊ'!gL4s^(YXHk7{(FrpF\sKǠ+|xO18wi*@Q Kѷ/Yn/\FoQD&BPCX:rca[/^kwT|8{7~)vPln ZWQI+s/"_K̭y4 I3@z!O̷W7="f?C* O2{_OYl cJpìfmo0Q_n}y9v3*ga)(„'3?Q`R3<$䏕yb(Z3? U|5X FM@*6,?ze3F?P9xMǽ0>^:@*];PVôLpǮ,!/^qaI{Edy׹gL2ۉ,lgc4VƵ 5՚x k:$gW_I\mt 9Xqea>Py)~rY-k|aB>,<9],txZډbDk?L~Wθ/|=Psz1W5v%q CuF:`JC6b4H`~lNx.e%"[I{5lsl܈9/0ڑ]st >^$3B;ul^?Rm{ι0Ɣ!1V7*-^`ؖmmq.$]F Rt 3]slS; SсHsN^J1iT߉fVܞTk5X*I<}:`'L7OňVbR>fD9-EcSO#UP?cH݄C c F[)RUdwߠeȅ5T?0\~n+Zaql+/>@2-F\o|J7O![Y  Zq4c7 oozepX(P$u2#:- lZhTqED#PhbGAC&~I79k[145`BXRAO0Ó 26ƬhjbxL1fH'iւ͈is<1Aw}@>:WLQZj*!b3wإ4ϓ f>aH~H-렋vq]@y+LD9n Q&@ؔt7QI,Q/xc33Oʕ+X<ލ笠+˼Ng#Lb43{f;sj:rtT b8+M4;_x,ȏ%IŶnK فRPh$bc<=9a1jXέ =H?%1btu|jꞌBh),f,])B9xԵ>|Z&+J9R]C]x7vF7+ʷe]<+=镤B^Șp~/Yw7uxu1lCs'rֻ&Mrvnuj]oWj(;utڻtֹl_]w.ƙLG_ mc1|Q)| 4efvʂPδ'\ «!.Y.28$xG04Wy|UfVzq7 &6XCfuljEg5^L˒7sNN#CEu_Ц?hJc~窜4}V0<3(hO!u.۹F`Rb `NjP>7(-ʯO͌2ʑ-AQ~ g@ P!kw;\(u2eF9\}?J/akt3Ƨ w3n|o7]O7>]]n^f?fCyF?](f^f%e\]f_O/C@2U\W_\gOg7M/!>BǬrc~~3w7Y7{dwN2!(ofY NOo\8'\$_YWAa uyQ~R ~vX^eйR5ϐ SԿ72~2A\Zu CFWX=k *ϼdm4J5vIAm {} y7+/m"ycoĦBpq. 3l?V ][[,Oнٺ{ gBݓs+z`~\Lb}+r>V=՞b%dGD<mJ91}baOdO-:pD4)̽pǜLwV/3yK_x>{3+̌=q]tKn xr%>=#rߴOܗv<2+ՍƆ ~3b `i&OpVf:zT6lbq0&w!?gI]Id b0|e'0O2#0G MȮfAj |aڋ얈yp7F ?ޓKGJ Ǝ$| :rb{P΂d>x*(A\v5d$}9= zhwoPn3!馃%؉G'cӘ2{`9fo5FXk;MAc|h}t:WX ܦkPG4 (MP"Sqm$!3㱏w=EcБ_kk"tYwkd]9H|&zM p$.6=oj"2: gK“JҢwrcw[/FI)H[AʹX.f;n էR۞,`'/2^;' O 8>eC[gI2T~{F]*P=fZQO;= n"05Yz#ޒ{־0 ;C?Bر|8#eUI:.~kz|1(H@%Gb9G(]! MAE#`AR]eD$ug 3EϩfSdVA&{gٺ*عiUhHl;^"hc{Ex? \cwHVLt;Oulם@# P⁜2ћ>2Zc &۳|? Oe LM-IS`jsu=lﯲAS)O|0vGĶ2CŔk ]'ا3й?-{&e; k׀ei$6i>n)ڴF,ck-m<O! V!?c3VQٮ7GL=mHWTFETMQaW:60(|N5usjE]E>*;ЍA\gX3'X<ٰ޳sW=?5^:e;7_{0^ζp2$82" $(f6I{{AbZ XǢWQTR2!; /D?8 ciL;acXJ,oy cJ\gۂ~c˩3_+w;x-^cdX$֬LE")ԟc:({ z|k|FXKz:BMhcy0ѕD1F(-f,1Yܻ&L{څGSy6:|,݈bVS"Nd׊rq-9=ON*BX6c?r|f E@ý]^c*a?8#/ah0`yja.'"e})IDy)/-/($3}E.tqeAg T,7.kć <]fs鈇T54[;?;Go;ˌbhX*.㉊oڝw烣 ŧu,M'{.[RPBYZR$Du RzWVs.^/uK+_/0d[Wy &[snuEX;xdn+:cQEae=9,jŭ.{c;A\Qlm٦di29F{)1NΦK+‡ wm&l 2)v}md-c6C-{Xg19