Virus targets USB sticks

Worm automatically installs itself when device is plugged in

USBs are a new security threat

A new family of worms is spreadsing by copying itself on to removable drives such as USB memory sticks, according to vendor Sophos.

The worms then automatically install themselves when a USB stick is next connected to a computer.

'With USB keys becoming so cheap they are increasingly being given away at tradeshows and in direct mailshots,' said Graham Cluley, senior technology consultant for Sophos.

'With a significant rise in financially motivated malware a USB stick could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.'

The SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is plugged into a Windows PC.

As more and more businesses now have strong defences in place to protect against email-aware viruses and malware, hackers are increasingly looking for other less well defended routes, including USB keys, to infect innocent users.

Cluley advises users to disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC.