USB Worm Targets Firefox, Orkut and YouTube

You might have seen a recent flurry of USB Worms in the news - well, one of our researchers found what appears to be a variant targeting (as you might have guessed from the title) Firefox, Orkut and YouTube.

http://blog.spywareguide.com/2007/05/usb_worm_targets_firefox_orkut.html

Video -with sound:

http://www.vitalsecurity.org/mozworm/mozworm.html

Hi FwF,

Well any worm that is propagated via USB is hard to remove. Read here about the USB-version of the Brontok or rontokbro-worm removal: http://antivirus.about.com/od/virusdescriptions/a/rontokbro.htm

Brontok is a nice Indonesion bird, but the malware named after it is far from that.

polonus

Mr “i visit avast forums once a year”

this was reported check this link

http://forum.avast.com/index.php?topic=28168.0

no offence dude

Hi sasin44,

You get the laurels for posting this subject first, and FwF is a couple of days later. But the subject is so important, like you see in the response in this thread referring to another USB worm, because you have to have a computer or medium that is not compromised to restore the infected machine or disk (pen-drive).
You should have the possibility to start a clean environment from an alternate OS-DVD or CD, that would be a mighty tool in the hands of the malware fighter. Did this once, but I do not know the implications of a linux distro with MS on it (but it is virus free), but could it be used legit??.

polonus

PS Click the jpg for animation!

no offence dude

None taken.

Don’t let the door hit your ass on the way out. :wink:

Frank’s post also provides additional links and that it also effects YouTube.

It is a fact of life that there may well be duplicates in the forums because they are very active. So your post on the 3rd May might well go unnoticed so this one posted on the 14th May will only reinforce the issue, so no harm done.

god… i never thought avasties took a sense of humore sooo seriously…
i replied cos i thought one topic one post…
one post would provide al the info required.instead of having a dozen posts on a single topic…
and by the avast still has not included the malware in its virus definition…
did not mean to wage a full scale war on who posted the topic first…that is nothing to be proud of if u get infected first it shows the security slag…
gosh try to bring all the related posts together on i should be worring about not lettin the door hit me on the way out???
:o :o :o ??? ??? ??? ???

Hi sasin44,

What you refer to is of minor importance. More important is how new victims will be protected in general against flash drive malware e.g. worms. The implication is you have to apply cleansing from “another” computer or from a distro that cannot be infected (linux distro with windows on it, and I do not know if this could be applied legally).
Another implication is that the user in general should come to terms with the new situation where the prices for 512 MB USB sticks is now falling below Euro 5. It could now become interesting for malcreants to pre-install malware onto USB sticks for the unaware to get infected putting them at quite some risk.

polonus

i strongly agree with u … pendrives are getting cheaper by the second …and a new wave of worms target this…the best measure against this is
…uncheck “hide protected operated system folders” option
…and disable default autorun[found some info on how to do this on net ]…so that worms that use autorun.inf to excute cannot harm …u
…uncheck “hide extensions of known file types” option
these simple measures save me sooo much trouble.i had caught 4 worms which hide them selfs
avast did not detect them then…now it does…: 0 except the anti youtube worm
i am pretty sure ths is a very effictive and simple for a average user wit basic knowledge…to implement…

and going off the topic in hand…
4 gb pendrives cost as low as 800 Rs…that will work out to around 14 euros[1 euro=55 Rs]
and 2 gb ones will be 650 Rs thats around 11 euros
and that too from companies like KINGSTON and TRANCEND
SANDISK is still a bit costly…not bad huh??