July 16, 2010

Microsoft looks into malware spreading via USB

Microsoft is investigating new reports that malware is propagating through USB devices, the software giant's Security Response Center said Thursday.

The attacks may be linked to an unknown vulnerability in Windows, Sophos' Chester Wisniewski said in a blog post Thursday. The flaw permits a malicious Windows shortcut file (.lnk) installed on a USB device to run a Dynamic Link Library (DLL), with no user interaction required. The DLL installs malware onto the machine.

Because of this, users who have disabled AutoRun, a Windows feature that allows files or programs to immediately run as soon the device is connected to a computer, are not protected.

"If you can execute malware even when AutoPlay is disabled, the risk is very high," Wisniewski wrote.

The exploits first were detected last month by Belarus-based anti-virus firm VirusBlokAda. According to the company, the malware on the USB devices installs two drivers, which serve as rootkits that hide the actual malware, making it nearly impossible to detect.

Malware that propagates via removable media is not new. The well-publicized Conficker worm used that vector to spread to millions of computers worldwide.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.