SophosLabs analysts encountered an unusual worm today in the form of W32/Baysur-A.
Once a computer infected with the W32/Baysur-A worm is restarted, the following message appears on logon:
The worm is also capable of spreading itself via removable shared drives, including USB keys. This allows the worm to run itself when the removable media is plugged into an uninfected computer.
This is not the first instance that SophosLabs analysts have encountered worms containing messages written in either Malay (Bahasa Melayu) or Indonesian (Bahasa Indonesia).
Malware targetting Malaysian and Indonesian users include VBS/Redlof-E and the Bobandy (eg. W32/Bobandy-E) family of worms. In other unusual cases, the infamous Brontok family of worms (eg. W32/Brontok-Z) actually changes its email message to its equivalent Indonesian translation if the worm detects that the recipient’s address is Indonesian.