Signs of trouble

The lab released detection for another variant of the W32/SillyFDC family of worms today as W32/SillyFDC-AA.

Like other variants in this family, the worm spreads by copying itself to removable drives including floppy drives and USB keys.

The worm then creates the hidden file autorun.inf on the removable drive to ensure the copy of the worm is run when next connected to a computer.

This variant also appends the text “Hacked by 1BYTE” to the title of Internet Explorer windows that is a clear sign something bad is currently running on the computer.