Malware Hunts Down and Deletes MP3s Low-risk worm deletes MP3s on infected PCs, spreads via removable flash drives. Jeremy Kirk, IDG News Service
Thursday, August 02, 2007 5:00 AM PDT the recording industry's dream application: it hunts down and deletes MP3s on infected PCs. Security companies say the worm is only low risk, although its unusual payload could give a nasty surprise to an ardent music fan. The motivation of the hackers who created it are unclear. "The authors of this worm are more likely to be teenage mischief makers than the organized criminal gangs we typically see authoring financially-motivated malware these days," said Graham Cluley, senior technology consultant for the security vendor Sophos PLC. "As such, it's not something we would lose an awful lot of sleep over, but there are some lessons that computer users should learn to minimize the chances of infection," he said. The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said. Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive. The worm affects PCs running Windows 2000, 95, 98, Me, NT, Server 2003, XP and Vista, Symantec said. Users could disable the autorun feature in Windows that automatically launches programs on CDs or USB drives, Cluley said. It's not the first malicious software to go after music files. Two years ago, researchers saw the Nopir-B worm, which posed as a utility to make copies of DVDs. Once on a machine, it displayed an anti-piracy graphic and tried to delete MP3s and other files. Last year, a Trojan horse program called Erazer took the destructive activity a step further, wiping out MP3s as well as movies, Cluley said. Malware Hunts Down and Deletes MP3s Low-risk worm deletes MP3s on infected PCs, spreads via removable flash drives. Jeremy Kirk, IDG News Service Thursday, August 02, 2007 5:00 AM PDT the recording industry's dream application: it hunts down and deletes MP3s on infected PCs. Security companies say the worm is only low risk, although its unusual payload could give a nasty surprise to an ardent music fan. The motivation of the hackers who created it are unclear. "The authors of this worm are more likely to be teenage mischief makers than the organized criminal gangs we typically see authoring financially-motivated malware these days," said Graham Cluley, senior technology consultant for the security vendor Sophos PLC. "As such, it's not something we would lose an awful lot of sleep over, but there are some lessons that computer users should learn to minimize the chances of infection," he said. The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said. Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive. The worm affects PCs running Windows 2000, 95, 98, Me, NT, Server 2003, XP and Vista, Symantec said. Users could disable the autorun feature in Windows that automatically launches programs on CDs or USB drives, Cluley said. It's not the first malicious software to go after music files. Two years ago, researchers saw the Nopir-B worm, which posed as a utility to make copies of DVDs. Once on a machine, it displayed an anti-piracy graphic and tried to delete MP3s and other files. Last year, a Trojan horse program called Erazer took the destructive activity a step further, wiping out MP3s as well as movies, Cluley said. http://www.pcworld.com/article/id,135375-pg,1/article.html Vikas Kapoor, MSN Id:[EMAIL PROTECTED], Yahoo+Skype Id: dl_vikas, Mobile: (+91) 9891098137. To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in