The police force in England’s second-largest city, the Greater Manchester Police (GMP), has suffered extensive disruption for several days following an infection by the Conficker worm.
Read More »

We blogged recently about increasing regulation, and strong penalties for companies that suffer breaches in data security. Industry experts and analysts agree that these new moves will help to drive wider uptake of secure USB flash drives. Read More »

We saw in 2008 and 2009 how worms came back to prominence, thanks to the wide spread of Conficker and its variants. A timely reminder that the threat is still high was given last week, when Google revealed a highly sophisticated series of cyberattacks originating from China that stole some of its intellectual property and affected about 30 other Silicon Valley companies.

This recent attack shows how malicious software has evolved into an advanced weapon that can specifically target companies – even companies as advanced as Google – with the aim of gaining a financial or competitive advantage.

Attackers will try any method available to seed the malware onto a company network, including infecting USB flash drives and distributing them at events, or “losing” them in car parks for unwitting employees to find. That’s why latest-generation secure flash drives, such as our own Cruzer Enterprise range, can also feature onboard anti-malware scanning to nullify this threat.

If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

A new large-scale malware outbreak is currently believed to have infected at least 50 of America’s Fortune 100 companies.

Over 70 variants of the malware, known as Mariposa, have been identified, with complex methods of action including email address harvesting, injecting code into known system processes, and downloading further malware onto corporate computers and networks. 

Like Conficker, this new malware can spread by multiple mechanisms, including running automatically from USB flash drives, via an Internet-based update module, and across the MSN Messenger chat network.

Also like Conficker, the exact motivation or the people behind the threat are not known.  But it’s worth checking your AV signatures are fully updated – and we would recommend the use of secure USB drives with onboard anti-malware protection, too.

Microsoft has recently issued updates for Windows XP and Vista which can help stop worms such as Conficker spreading via infected flash drives.  Windows 7 is already protected.

The updates modify the way AutoRun and AutoPlay work, to keep malware from silently installing on a victim’s PC.  Conficker and similar worms use a malicious “autorun.inf” file on USB storage devices connected to already-infected machines, which then spread to any other PC if the user connected the device to that second computer and picked the “Open folder to view files” option under “Install or run program” in the AutoPlay dialog.

The change to the AutoPlay dialog no longer let users run programs, except when the device is a nonremovable optical drive.  Instead, a flash drive connected to a Windows 7 system only opens a folder to show a list of files.

The updates are available for download and installation from Microsoft’s download site, and are strongly recommended.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

As you may have seen in the last week or so, the latest version of Apple’s Macintosh OS, known as Snow Leopard, includes for the first time features to detect and warn users about some types of malware.

However, a number of external parties have tested these features, and found that they will only detect the specific malware if it’s encountered via a Web browser.  The features will not detect malware if it is carried and inserted into the machine via a removable drive, such as a USB flash drive.

Although Apple has said for many years that Mac users don’t really need to worry about malware, the threat landscape is constantly changing.  So Mac users should be careful about possible infections from any source, whether on the web or by removable media.

Our anti-virus partner McAfee has released its Q2 Threats Report (PDF at link), and like the company’s Q1 report from earlier this year, it is sobering reading. 

The report says that spam volumes have increased by 140% since March, driven by major growth in botnet activity.  14 million new computers became parts of botnets in Q2 (that’s more than 150,000 per day), an increase of 16% over the previous quarter.

McAfee also reported growth in password-stealing Trojans, which is more proof that making money from illegal activity on the Internet is now a focus for criminal gangs.

The company also reported a surge in so-called Auto-Run malware, which exploits Windows’ Auto-Run capabilities and is most commonly spread via USB and portable devices.  As you’ll know, our Cruzer Enterprise with onboard McAfee AV can prevent the spread of malware via this vector, helping to protect corporate networks against this fast-emerging threat.

In the last 6 months or so we’ve seen how USB flash drives have become recognised as a vector for spreading malware, especially malware that uses Windows’ Autorun capability.

This week, Symantec is reinforcing that message during its Cyber Crime initiative.   The company’s Security Response group product manager says that as well as being a method for propagation, USB-borne malware is particularly difficult to get rid of. 

Of course, one way of stopping the spread of malware via USB memory sticks is to use secure flash drives with on-board antivirus, which stops malware on the drive itself.

It’s also worth noting just how the sheer number of threats has grown.  In 2000, antivirus vendors issued 1,500 new signatures.  In 2009, over 2.5 million signatures are expected.  AV protection on all computing devices makes more sense than ever before.