Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Researchers Discovered a New USB Malware

VirusBlokAda, a Europe-based anti-virus company, reveals that a new malware is creating problem in the method Windows handles shortcut files, as per the eSecurity Planet news on 15th July, 2010.

Shortcut files or files which ends with '.lnk' extensions are Windows files that connect (so the 'lnk' extensions) easily notable icons to particular executable programs and are normally located on the Desktop or Start Menu. These shortcut files are exploited by the criminals.

A shortcut works only when a user clicks on its icon. However, the security firm has noticed that these harmful malware could execute automatically, if someone writes them to a USB and afterwards accessed by Windows Explorer.

On 17th June, 2010, the researcher at the antivirus firm (VirusBlokAda) stated that they had found two new malware sample, which could infect a totally protected Windows 7 system. These malware were attached to the antivirus bases - naming Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.

While analyzing the malware, the researchers found that the USB storage device was used by this Trojan to spread further. Hence, the researchers warned that these viruses harm the Operating System unusually through discrepancies in processing lnk-files (not using an autorun.inf file).

The malicious process begins when a user opens an infected USB storage device through Microsoft Explorer or some icons to harm the Operating System to allow the malware operate.

Sergey Ulasen, an anti-virus expert at the company, stated that the malware infected two drivers: "mrxnet.sys" and "mrxcls.sys," according to a news published by KrebsonSecurity on 15th July, 2010,

The two installed drivers are attached with the anti-virus bases as Rootkit.TmpHider and SScope.Rookit.TmpHider.2. Realtek Semiconductor Corp. signs both the drivers with digital signature.

Around the world, many Rootkit.TmpHider and SScope.Rookit.TmpHider.2 have been detected by the security experts after the inclusion of new records to the antivirus bases.

Regarding the technique used for infecting, the security researchers stated that the malware spreading through USB was very common. Most of the malware spreading through USB and other removable drives, generally takes the help of Windows Autoplay or Autorun aspect.

Related article: Researchers Urge Caution against phishing Scams

ยป SPAMfighter News - 7/26/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page