A new family of worms spreads by copying itself onto removable drives such as USB memory sticks, and then automatically runs when the device is next connected to a computer. 

Sophos warns that the SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time the device is plugged into a Windows PC.
It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".
"USB keys are increasingly being given away at tradeshows and in direct mailshots, with marketing people using them as 'throwaways' to secure sales leads," says Brett Myroff, CEO of master Sophos distributor, NetXactics.
He advises computer users to exercise caution when plugging an unknown device into their PC as it could have malicious code on it.
"With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code," Myroff adds.
Sophos experts note that as more and more businesses now have strong defences in place to protect against email-aware viruses and malware, hackers are increasingly looking for other less well defended routes, including USB keys, to infect innocent users.
In this example, changing the title of the Internet Explorer browser's windows should be a clear sign to most people that something strange is afoot, says Myroff.
"It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A savvier internet criminal would not have made it so obvious that the PC has been broken into."
Sophos experts advise that users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for viruses and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.
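
As an added example (not from Sophos or the original article), the following Python check looks in the root of a mounted removable drive for the autorun.inf file described above and lists the entries that would launch a program. The sample file contents and the name example.exe are constructed for illustration.

```python
import os

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows "hidden" attribute bit
LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

# Constructed sample, not taken from the worm.
SAMPLE = """[autorun]
; comment line
open=example.exe
icon=folder.ico
shell\\open\\command=example.exe
"""

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                findings.append((key, value))
    return findings

def check_drive(root):
    """Report an autorun.inf in the drive root, or None if there is none."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        # st_file_attributes only exists on Windows; treat as 0 elsewhere.
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
        with open(path, "r", encoding="latin-1") as fh:
            launches = parse_autorun(fh.read())
        return {"path": path,
                "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                "launches": launches}
    return None

if __name__ == "__main__":
    print(parse_autorun(SAMPLE))
```

A hidden autorun.inf with launch entries on a drive that should hold only data is a reason to scan the device before opening anything on it.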