USB malware hides in recycled folder

Today in SophosLabs we saw another worm that attempts to spread by means of removable USB flash drives. The worm (now detected by Sophos as W32/DelCyc-A) tries to disguise its malicious activity by hiding in a recycled folder that it creates on drives it infects.


By using the old Autorun.inf trick which we have previously blogged about (1,2), W32/DelCyc-A is automatically executed from this innocent-looking folder when the removable drive is connected to another machine.

So, just another example of malware attempting to infect users through removable drives. If the recent rootkit shenanigans are not sufficient to alert users to the threat removal drives can pose, this continued malware activity should be.