Worm epidemy that has infected over 10,000,000 systems so far doesn't spread using network only. F-Secure warns that Downadup worm uses also sneaky social engineering way to spread itself. Windows Vista and Windows 7 beta users must be careful with removable USB drives now.
F-Secure warns in its blog namely about sneaky USB functionality of Downadup aka Conficker worm. The worm copies autorun.inf file to USB removable drive. If USB drive is plugged into other computer parasite tries to start up from the drive using modified Vista Autoplay notification window.
Normally, when USB drive is plugged in a window opens up asking if user wants to run the program on removable drive. Under that option there's an option that can be used to explore the contents of USB drive. What the worm does is that it modifies the first option. Icon is changed and program name is modified. Instead of showing a question if user really wants to run program named autorun.inf, system shows an icon and name that by first look may fool user to think it's just an option to browse USB memory contents (pic). If user gives permission attacking code on the USB memory will be run.
F-Secure says that it made test on Windows 7 beta and says the trick was successful on it too.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment