Not-so-stealth worm

Filed Under: Malware, SophosLabs

Generally speaking, most worm authors do not want you to know that their malware is on your machine. However, the author of W32/Agent-FOW must be proud, as there is a log file left on the machine, listing all removable drives successfully infected.

From the log file...

 found_removable!
217946263-
copy: e:\autorun.inf
copy: e:\krag.exe
done
COPYING
found_removable!
217946263-
copy: e:\autorun.inf
done
COPYING
found_removable!
217946263-
copy: e:\autorun.inf
done

You might like

About the author

Beth Jones Senior Threat Researcher, SophosLabs US Beth manages the day-to-day research and analysis activities of incoming suspicious malware threats that arrive in SophosLabs via customers, partners and prospects. Beth has worked in Sophos's Boston lab for more than five years and brings nearly a decade of network security experience to Sophos.