You can run but can you hide?
Today in SophosLabs we saw another worm that attempts to spread by means of removable USB flash drives. The worm (now detected by Sophos as W32/DelCyc-A) tries to disguise its malicious activity by hiding in a recycled folder that it creates on drives it infects.
By using the old Autorun.inf trick which we have previously blogged about (1,2), W32/DelCyc-A is automatically executed from this innocent-looking folder when the removable drive is connected to another machine.
So, just another example of malware attempting to infect users through removable drives. If the recent rootkit shenanigans are not sufficient to alert users to the threat removal drives can pose, this continued malware activity should be.
Posted on September 5th, 2007 by Laszlo Tamas, SophosLabs UKFiled under: Malware
Windows 7 security - A great leap forward or business as usual?
