/>
X
Business

Windows Server worm can spread via USB

The worm called Downadup that is attacking business systems also propagates via USB, says F-Secure.
tom-espiner.jpg
Written by Tom Espiner on

A Microsoft worm that is currently attacking business systems is also a USB worm, security vendor F-Secure has warned.

The worm, which F-Secure calls Downadup, attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October.

The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post on Tuesday.

However, F-Secure said it has discovered the worm also propagates on the client side, via USB. If a person plugs a USB stick into an infected computer, the malware creates an autorun.inf file on the root of the USB drive.

The .inf file then uses either autorun or autoplay to infect any unpatched systems either when the stick is plugged into the system, or when the user double-clicks on the USB icon in My Computer in Windows Explorer.

The USB worm uses a steganographic technique to hide the autorun file in "binary garbage" to make detection more difficult, said F-Secure's chief research officer Mikko Hyppönen in a blog post on Wednesday.

The US Computer Emergency Response Team has urged IT professionals to apply the patch linked to in MS08-067.

Editorial standards

Related

How to use your phone to diagnose your car's 'check engine' light
BlueDriver Bluetooth dongle

How to use your phone to diagnose your car's 'check engine' light

Don't let Janet Jackson's 'Rhythm Nation' crash your old laptop
the-old-hard-disk-drive-is-disintegrating-in-space.jpg

Don't let Janet Jackson's 'Rhythm Nation' crash your old laptop

Google Play malware: If you've downloaded these malicious apps, delete them immediately
a-man-sitting-in-his-living-room-looking-at-his-smartphone-with-concern

Google Play malware: If you've downloaded these malicious apps, delete them immediately