USB Flash drive worm spreads Aids info

By

Worm designed to promote awareness of HIV and Aids.

USB Flash drive worm spreads Aids info
Security experts have disclosed details of a worm that copies itself onto removable drives, such as USB Flash drives, in an attempt to spread information about Aids and HIV.

The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares.

It creates a hidden file called 'autorun.inf' to ensure that a copy of the worm is run the next time the drive is connected to a Windows PC.

Once it has infected a system, it drops an HTML file containing a message about Aids and HIV to the user's drive.

"Much of the malware we see is designed to generate income for the hackers, but this worm is different in that it spreads information about Aids instead," said Graham Cluley, senior technology consultant at Sophos.

"Even though the hackers responsible for this worm are not set on filling their pockets with cash, and may feel that they are spreading an important message, they are still breaking the law.

"In the future we might see more graffiti-style malware being written on behalf of political, religious and other groups looking for a soapbox to broadcast their opinions."

At the bottom of the HTML file is a message which claims that the worm causes no harm. It reads as follows:

'This file Doesn't make harmful change to your computer. This File is NOT DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't Disturb any Data or Files on your computer and FlashDisk (USB). So Dont be affraid, and Be Happy!'

"It is nonsense to say that this worm does not harm computers. It makes changes to a PC's settings and overwrites files," said Cluley.

"There is no such thing as a useful virus. Companies should be allowed to decide for themselves what code runs on their computers rather than virus writers thinking it is OK to inject whatever code they like into corporate networks."

Sophos warned last month of another family of worms which target Flash drives, this time changing installations of Internet Explorer to say that they were 'Hacked by 1BYTE'.

The company has urged users to disable the autorun facility in Windows so that removable devices such as USB keys and CD-Roms do not automatically launch when attached to a PC.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
aidsdriveflashinfosecurityspreadsusbworm

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?