
Researchers Discovered a New USB Malware

VirusBlokAda, a Europe-based anti-virus company, has revealed that new malware abuses the way Windows handles shortcut files, according to eSecurity Planet news on 15th July, 2010.

Shortcut files, which end with the '.lnk' extension, are Windows files that link (hence the 'lnk' extension) easily recognizable icons to particular executable programs, and are normally located on the Desktop or in the Start Menu. Criminals are exploiting these shortcut files.

A shortcut normally works only when a user clicks on its icon. However, the security firm has noticed that these malicious shortcuts can execute automatically if they are written to a USB drive that is afterwards accessed with Windows Explorer.

On 17th June, 2010, researchers at the anti-virus firm (VirusBlokAda) stated that they had found two new malware samples, which could infect a fully protected Windows 7 system. The samples were added to the anti-virus bases under the names Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.

While analyzing the malware, the researchers found that the Trojan uses USB storage devices to spread further. The researchers therefore warned that these viruses infect the operating system in an unusual way, through discrepancies in the processing of lnk-files (without using an autorun.inf file).

The malicious process begins when a user opens an infected USB storage device through Microsoft Explorer or views its icons, which compromises the operating system and allows the malware to operate.
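The shortcut format described above can be inspected from a script, without Explorer ever displaying the drive. The following Python sketch is an added example, not code from VirusBlokAda or the original article: it checks the fixed Shell Link header of every .lnk file at the top level of a mounted volume and decodes its flags. The function names and the sample header are constructed for illustration.

```python
import struct
from pathlib import Path

# Fixed values from the Shell Link (.lnk) header defined in MS-SHLLINK.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
         0x08: "HasRelativePath", 0x10: "HasWorkingDir",
         0x20: "HasArguments", 0x40: "HasIconLocation", 0x80: "IsUnicode"}


def parse_lnk_header(data: bytes):
    """Return the decoded header fields, or None if this is not a shell link."""
    if len(data) < HEADER_SIZE:
        return None
    size, clsid, flags, attrs = struct.unpack_from("<I16sII", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return None
    # Three 8-byte timestamps follow the attributes, so these start at 52.
    file_size, icon_index, show_cmd = struct.unpack_from("<IiI", data, 52)
    return {"flags": [n for bit, n in FLAGS.items() if flags & bit],
            "file_attributes": attrs, "target_size": file_size,
            "icon_index": icon_index, "show_command": show_cmd}


def triage_volume(root):
    """List shortcut files at the top level of a mounted removable volume.

    The article reports that such files can run when the drive is merely
    opened in Explorer, so each one is listed with its parsed header.
    """
    findings = []
    for path in sorted(Path(root).iterdir()):
        if path.is_file() and path.suffix.lower() == ".lnk":
            header = parse_lnk_header(path.read_bytes()[:HEADER_SIZE])
            findings.append((path.name, header))  # None = not a real shortcut
    return findings


def build_sample_header(flags=0x41, target_size=1234):
    """Constructed 76-byte header, used only to exercise the parser."""
    return (struct.pack("<I16sII", HEADER_SIZE, LINK_CLSID, flags, 0x20)
            + bytes(24)                                # three FILETIME stamps
            + struct.pack("<IiI", target_size, 0, 1)   # size, icon, show
            + bytes(12))                               # hotkey + reserved


if __name__ == "__main__":
    print(parse_lnk_header(build_sample_header()))
    print(parse_lnk_header(b"MZ" + bytes(80)))  # not a shortcut
```

Run `triage_volume` against the mount point of a drive attached to an analysis machine that does not render Windows shortcut icons; an entry whose header is `None` carries the .lnk extension but is not a valid shell link.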

Sergey Ulasen, an anti-virus expert at the company, stated that the malware installed two drivers, "mrxnet.sys" and "mrxcls.sys", according to news published by KrebsOnSecurity on 15th July, 2010.

The two installed drivers were added to the anti-virus bases as Rootkit.TmpHider and SScope.Rookit.TmpHider.2. Both drivers carry a digital signature from Realtek Semiconductor Corp.

Around the world, security experts have detected many instances of Rootkit.TmpHider and SScope.Rookit.TmpHider.2 since the new records were added to the anti-virus bases.

Regarding the infection technique, the security researchers stated that malware spreading through USB is very common. Most malware that spreads through USB and other removable drives generally relies on the Windows AutoPlay or Autorun feature.


» SPAMfighter News - 26-07-2010
