Deep detection of USB memory card

Sophos security experts say they have discovered a new computer worm that specializes in potentially dangerous mobile drives.

Once infected on a PC, the SillyFD-AA worm will search for removable disks such as floppy disks or USB memory sticks to copy a hidden file named " autorun.inf " to allow the worm to be automatically authorized. activated every time the device is connected to the PC.

In addition, the worm also changed the Internet Explorer browser title to " Hacked by 1BYTE " (Hacked by 1BYTE).

Senior technology consultant Graham Cluley of Sophos said that the SillyFD-AA worm has not spread widely. However, he warned that the worm had hidden risks because of the way it could be spread via email or instant messaging in addition to the way it was distributed via mobile memory.

" It is interesting to see hackers ' various methods of attacking computers ," Cluley said. " The SillyFD-AA attack appears to be quite understandable because now all users already have an email gateway protection solution ready to eradicate any malicious files attached. Unfortunately, that solution cannot scan malicious files in the user's pocket . "

Sophos' security researchers say hackers today find every way to attack and hack corporate networks. Email forms containing viruses or malicious code seem to have become obsolete.

Sophos recommends that users turn off the auto-running of mobile devices in Windows operating systems. Users should carefully scan for malicious codes on removable memory devices before using them.

Hoang Dung