Researchers Discovered a New USB Malware

VirusBlokAda, a Europe-based anti-virus company, has revealed that new malware is taking advantage of a problem in the way Windows handles shortcut files, according to eSecurity Planet news on 15th July, 2010.

Shortcut files, that is, files ending with the '.lnk' extension, are Windows files that link (hence the 'lnk' extension) easily recognizable icons to particular executable programs and are normally located on the Desktop or in the Start Menu. Criminals are exploiting these shortcut files.

A shortcut normally works only when a user clicks on its icon. However, the security firm has noticed that these malicious shortcuts can execute automatically if they are written to a USB drive that is afterwards accessed with Windows Explorer.

On 17th June, 2010, researchers at the antivirus firm (VirusBlokAda) stated that they had found two new malware samples which could infect a fully protected Windows 7 system. The samples were added to the antivirus bases under the names Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.

While analyzing the malware, the researchers found that the Trojan used USB storage devices to spread further. The researchers therefore warned that these viruses infect the operating system in an unusual way, through flaws in the processing of lnk-files (without using an autorun.inf file).

The malicious process begins when a user opens an infected USB storage device in Microsoft Explorer, or otherwise displays its icons, which infects the operating system and allows the malware to operate.

Sergey Ulasen, an anti-virus expert at the company, stated that the malware infected two drivers, "mrxnet.sys" and "mrxcls.sys," according to a news report published by KrebsonSecurity on 15th July, 2010.

The two installed drivers were added to the anti-virus bases as Rootkit.TmpHider and SScope.Rookit.TmpHider.2. Both drivers carry a digital signature from Realtek Semiconductor Corp.

After the new records were added to the antivirus bases, security experts detected many instances of Rootkit.TmpHider and SScope.Rookit.TmpHider.2 around the world.

Regarding the infection technique, the security researchers stated that malware spreading through USB is very common. Most malware that spreads through USB and other removable drives generally relies on the Windows Autoplay or Autorun feature.
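Because this malware relies on shortcut files rather than autorun.inf, a triage of removable media has to look at both. The following is an added example, not code from VirusBlokAda or the original article: it inventories a mounted volume from a script (so no icons are rendered), recognizing shortcuts by their Shell Link header rather than by file name. The sample tree, the `photos.lnk` and `notes.lnk` names and the function names are constructed for illustration.

```python
import os
import tempfile

# Driver file names reported in the article.
REPORTED_DRIVERS = {"mrxnet.sys", "mrxcls.sys"}
# Shell Link header (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def is_shell_link(path):
    """True if the file starts with a valid Shell Link (.lnk) header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False


def triage_volume(root):
    """Inventory a mounted removable volume without opening it in Explorer."""
    report = {"shell_links": [], "autorun_inf": [], "reported_drivers": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            if lower == "autorun.inf":
                report["autorun_inf"].append(rel)
            elif lower in REPORTED_DRIVERS:
                report["reported_drivers"].append(rel)
            elif is_shell_link(full):
                # Matched on content, so a renamed shortcut is still listed.
                report["shell_links"].append(rel)
    for hits in report.values():
        hits.sort()
    return report


def build_sample_volume():
    """Constructed sample tree standing in for a USB stick (no real malware)."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    with open(os.path.join(root, "photos.lnk"), "wb") as fh:
        fh.write(LNK_MAGIC + b"\x00" * 56)  # header only, padded to 0x4C bytes
    with open(os.path.join(root, "notes.lnk"), "wb") as fh:
        fh.write(b"plain text, not a shell link")
    with open(os.path.join(root, "MRXCLS.SYS"), "wb") as fh:
        fh.write(b"placeholder")
    return root


if __name__ == "__main__":
    print(triage_volume(build_sample_volume()))
```

A shortcut on removable media is not malicious in itself; the report only tells an analyst which files to examine before the drive is browsed on a Windows host.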

» SPAMfighter News - 26-07-2010