There's a new worm on the loose, which copies itself onto removable drives, such as USB flash drives, in an attempt to spread information about AIDS and HIV.
According to Sophos, the LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC.
Once it has infected a system, it drops an HTML file containing a message about AIDS and HIV to the user's drive.
Much of the malware seen by Sophos is designed to generate income for the hackers, but this worm is different in that respect – it appears that the motive was to spread information about AIDS instead.
"Even though the hackers responsible for this worm aren't attempting to fill their pockets with cash, and may feel that they are spreading an important message, they are still breaking the law,” says Brett Myroff, CEO of master Sophos distributor, NetXactics. "In future, we might see more graffiti-style malware being written on behalf of political, religious and other groups looking for a soapbox to broadcast their opinions."
At the bottom of the HTML file there is a message which claims the worm causes no harm. It reads as follows:
"This file Doesn't make harmful change to your computer. This File is NOT DANGEROUS for your Computer and FlashDisk (USB). This File Doesn't Disturb any Data or Files on your computer and FlashDisk (USB). So Dont be affraid, and Be Happy!"
Myroff comments: "It's nonsense to say that this worm doesn't harm computers – it makes changes to a PC's settings and overwrites files – there is no such thing as a useful virus. Companies should be allowed to decide for themselves what code runs on their computers rather than virus writers thinking it's okay to inject whatever code they like into corporate networks."
Last month Sophos warned about another family of worms which targeted flash drives, changing installations of Internet Explorer to say that they were "Hacked by 1BYTE" – so it seems the era of USB viruses may have arrived.
Sophos experts advise that users disable the autorun facility of Windows so that removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for viruses and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.
The new worm is not the first piece of malware to be associated with information about AIDS. In 1989, Dr Joseph Popp distributed an AIDS information floppy disk to more than 20,000 people. The Trojan horse program on the floppy disk would trash users' disks if they did not send money to a rented post office box in Panama. Popp's creation is considered one of the very first examples of ransomware.