A new worm discovered by security company Trend Micro aims to install on any removable drive connected to the computer and copy itself on another system's physical drives. According to the advisory published by the security firm, WORM_VB.GAW affects most Windows platforms including Windows 98, ME, NT, 2000, XP and Server 2003. As you can see, there's no Vista among them so the latest flavor of
Microsoft's operating system is probably the only safe one. Trend Micro rated the "Overall risk rating" with low but it sustained the distribution potential is medium.
In the past, there were several reports concerning this type of threats, many of them targeting the removable drives connected to the PC. The worm propagates pretty easy as it is installed on new computers every time an infected storage drive is connected to a clean system.
"This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites," Trend Micro wrote in the security advisory.
The interesting aspect of the worm is actually its behavior once installed on a clean computer. It appears that it copies itself in the Windows Startup folder but it also creates an Autorun.inf file to be executed once new drives are connected to the system. Pretty smart don't you think?
"Upon execution, this worm drops a copy of itself in the common Windows Startup folder to enable its automatic execution at every system startup. This worm propagates by dropping copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed," Trend Micro continued.
In case you're infected with the WORM_VB.GAW, you should look for the malicious process, close it but don't forget to remove the additional autorun files created by the worm. But avoid doing this if you're not sure the deleted files are not vital for the operating system. As an alternative, you can install an antivirus solution, Trend Micro sustaining it's one of those which manage to block the dangerous file.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
