USB Flash drive worm spreads Aids info

By on
USB Flash drive worm spreads Aids info

Worm designed to promote awareness of HIV and Aids.

Security experts have disclosed details of a worm that copies itself onto removable drives, such as USB Flash drives, in an attempt to spread information about Aids and HIV.

The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares.

It creates a hidden file called 'autorun.inf' to ensure that a copy of the worm is run the next time the drive is connected to a Windows PC.

Once it has infected a system, it drops an HTML file containing a message about Aids and HIV to the user's drive.

"Much of the malware we see is designed to generate income for the hackers, but this worm is different in that it spreads information about Aids instead," said Graham Cluley, senior technology consultant at Sophos.

"Even though the hackers responsible for this worm are not set on filling their pockets with cash, and may feel that they are spreading an important message, they are still breaking the law.

"In the future we might see more graffiti-style malware being written on behalf of political, religious and other groups looking for a soapbox to broadcast their opinions."

At the bottom of the HTML file is a message which claims that the worm causes no harm. It reads as follows:

'This file Doesn't make harmful change to your computer. This File is NOT DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't Disturb any Data or Files on your computer and FlashDisk (USB). So Dont be affraid, and Be Happy!'

"It is nonsense to say that this worm does not harm computers. It makes changes to a PC's settings and overwrites files," said Cluley.

"There is no such thing as a useful virus. Companies should be allowed to decide for themselves what code runs on their computers rather than virus writers thinking it is OK to inject whatever code they like into corporate networks."

Sophos warned last month of another family of worms which target Flash drives, this time changing installations of Internet Explorer to say that they were 'Hacked by 1BYTE'.

The company has urged users to disable the autorun facility in Windows so that removable devices such as USB keys and CD-Roms do not automatically launch when attached to a PC.
Copyright ©

Most Read Articles

Log In

|  Forgot your password?