Signs of trouble

Filed Under: Malware, SophosLabs

The lab released detection for another variant of the W32/SillyFDC family of worms today as W32/SillyFDC-AA.

Like other variants in this family, the worm spreads by copying itself to removable drives including floppy drives and USB keys.

The worm then creates the hidden file autorun.inf on the removable drive to ensure the copy of the worm is run when next connected to a computer.

This variant also appends the text "Hacked by 1BYTE" to the title of Internet Explorer windows that is a clear sign something bad is currently running on the computer.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s