USB Flash drive worm spreads Aids info

Worm designed to promote awareness of HIV and Aids

Written by Robert Jaques

vnunet.com, 20 Jun 2007

Security experts have disclosed details of a worm that copies itself onto removable drives, such as USB Flash drives, in an attempt to spread information about Aids and HIV.

The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares.

It creates a hidden file called 'autorun.inf' to ensure that a copy of the worm is run the next time the drive is connected to a Windows PC.

Once it has infected a system, it drops an HTML file containing a message about Aids and HIV to the user's drive.

"Much of the malware we see is designed to generate income for the hackers, but this worm is different in that it spreads information about Aids instead," said Graham Cluley, senior technology consultant at Sophos.

"Even though the hackers responsible for this worm are not set on filling their pockets with cash, and may feel that they are spreading an important message, they are still breaking the law.

"In the future we might see more graffiti-style malware being written on behalf of political, religious and other groups looking for a soapbox to broadcast their opinions."

At the bottom of the HTML file is a message which claims that the worm causes no harm. It reads as follows:

'This file Doesn't make harmful change to your computer. This File is NOT DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't Disturb any Data or Files on your computer and FlashDisk (USB). So Dont be affraid, and Be Happy!'

"It is nonsense to say that this worm does not harm computers. It makes changes to a PC's settings and overwrites files," said Cluley.

"There is no such thing as a useful virus. Companies should be allowed to decide for themselves what code runs on their computers rather than virus writers thinking it is OK to inject whatever code they like into corporate networks."

Sophos warned last month of another family of worms which target Flash drives, this time changing installations of Internet Explorer to say that they were 'Hacked by 1BYTE'.

The company has urged users to disable the autorun facility in Windows so that removable devices such as USB keys and CD-Roms do not automatically launch when attached to a PC.

See also:

reader comments

related articles

OpenOffice worm downloads bunny porn

Malware targets Windows, Mac and Linux computers 21 May 2007

 

Worm points the way to Arabic viruses

W32.Alnuh could be the first stage in an Arabic blitz 08 Jun 2007

Malware goes back to the future in May

New versions of old threats come back to haunt users 05 Jun 2007

'Italian job' attacks spread worldwide

10,000 websites now hosting malicious attack code 19 Jun 2007

Hackers turn to new genre of evasive attacks

Finjan report warns of malicious code 'affiliation networks' 04 Jun 2007

PlayStation

Hackers hit Sony PS3 website

SQL injection vulnerability compromises web pages 02 Jul 2008

Spammers trash anti-money laundering site

With a little help from the hosting company 12 Oct 2007

Fujacks hackers jailed in China

Do no pass Go. Do not collect 100,000 yuan 24 Sep 2007

latest news

Red Hat a good fit for Qumranet

Open source behemoth opens up Windows opportunities with acquisition of virtualisation specialist 05 Sep 2008

Infor praises partners

Software vendor outlines its channel vision at second annual EMEA partner summit in Marbella 05 Sep 2008

Version One and Accurate launch university push

Software vendors link arms to create integrated document and financial management offering for universities 05 Sep 2008

More news

Most commented stories

More

poll

Stormy times ahead for PBX?

Stormy times ahead for PBX?

Will the credit crunch affect PBX takeup?

Previous poll results

In The Studio With CRN: Josh Claman, Dell

In an editorial coup for CRN, Josh Claman, vice president of EMEA channels at Dell, talks to CRN TV about the vendor's channel plans

CRN Fight Night bouts are LIVE!

ALL the bouts from CRN's first ever white collar boxing event at The Brewery in Chiswell Street, are now online in their full glory for CRN readers to watch.

More CRN TV

events

CRN Golf Challenge 2008

CRN Channel Golf Challenge 2008

CRN's annual golfing day will this year be held on 16 September at a championship course in East Sussex

CRN Reseller Leadership Forum logo

CRN Reseller Leadership Forum

An exclusive channel conference from CRN, to be held over one action-packed day in September 2008

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories