Researchers Discovered a New USB Malware
Shortcut files or files which ends with '.lnk' extensions are Windows files that connect (so the 'lnk' extensions) easily notable icons to particular executable programs and are normally located on the Desktop or Start Menu. These shortcut files are exploited by the criminals.
A shortcut works only when a user clicks on its icon. However, the security firm has noticed that these harmful malware could execute automatically, if someone writes them to a USB and afterwards accessed by Windows Explorer.
On 17th June, 2010, the researcher at the antivirus firm (VirusBlokAda) stated that they had found two new malware sample, which could infect a totally protected Windows 7 system. These malware were attached to the antivirus bases - naming Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.
While analyzing the malware, the researchers found that the USB storage device was used by this Trojan to spread further. Hence, the researchers warned that these viruses harm the Operating System unusually through discrepancies in processing lnk-files (not using an autorun.inf file).
The malicious process begins when a user opens an infected USB storage device through Microsoft Explorer or some icons to harm the Operating System to allow the malware operate.
The two installed drivers are attached with the anti-virus bases as Rootkit.TmpHider and SScope.Rookit.TmpHider.2. Realtek Semiconductor Corp. signs both the drivers with digital signature.
Around the world, many Rootkit.TmpHider and SScope.Rookit.TmpHider.2 have been detected by the security experts after the inclusion of new records to the antivirus bases.
Regarding the technique used for infecting, the security researchers stated that the malware spreading through USB was very common. Most of the malware spreading through USB and other removable drives, generally takes the help of Windows Autoplay or Autorun aspect.
» SPAMfighter News - 26-07-2010