Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Autorun Flashdrive Worm

From: Charles Timko <charles.timko () hotmail com>
Date: Sat, 19 Feb 2011 11:29:26 -0500
Actually scratch my email for the time being, I am working up a full
disclosure on it.  I have been reverse-engineering it for the past few
months and I wanted to share my results as well as notify the group of this
worm/virus package.

 

Charles

 

PS: I'll  get back to you in a few days.

 

From: mtek2k () gmail com [mailto:mtek2k () gmail com] On Behalf Of Chris M
Sent: Saturday, February 19, 2011 10:58 AM
To: Charles Timko
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Autorun Flashdrive Worm

 

Got an Image of the drive?

 

http://accessdata.com/downloads/current_releases/imager/Imager_Lite_%202.9.0
.zip

On Sat, Feb 19, 2011 at 3:49 PM, Charles Timko <charles.timko () hotmail com>
wrote:

While I was at the SuperComputing Conference I went ahead and plugged in a
flashdrive that belonged to a friend of mine.  After Windows 7 loaded the
driver for the device, I was prompted by AVG Free's Resident Shield.  It had
stopped the worm from running, which I am thankful for.  I told my friend he
had a worm on his flash drive and didn't believe me.  He took his drive back
and scanned it with ClamAV and sure enough, there was a worm on the drive.
It was at that point we have been trying to locate it on disk, and I was
unable to access the folder from the Command-line with the complete path.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
 I'm a hot-wired, heat seeking, warm-hearted cool customer, voice activated
and bio-degradable. I interface with my database, my database is in
cyberspace, so I'm interactive, I'm hyperactive and from time to time I'm
radioactive. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: