More details on the Conficker virus

January 20, 2009

Yesterday we reported on the news that the creators of the Conficker.B virus might have blundered in their coding of its havoc-wreaking capabilities. But the methods the virus uses to spread itself are looking increasingly creative.

As we’ve noted, one of the main ways the virus spreads is through removable media. In the days of permanent Internet connections that might seem an old-school technique (remember the days when a floppy disk was the computer equivalent of a dirty dishcloth?), but this one works through something that never goes out of date: human behavior.

It was already known that Conficker exploited USB sticks by creating an Autorun file so that the virus loaded the moment the stick went into a machine. Normally it’s easy for both humans and computers to spot such files when they shouldn’t be there.

However, Conficker uses an Autorun file where the deadly instructions are hidden away amid a random selection of meaningless code. This not only makes it difficult for humans to see anything is wrong, but renders some computer tactics such as looking for Autorun files of a particular size useless.

Security advisers spotting this had warned users to disable Autorun in Windows. (Frankly, anyone operating a corporate network who doesn’t personally handle every stick or disc that goes into a machine should have already done this.)

However, it’s now clear the virus exploits another automated feature in Windows, namely Autoplay. That’s the menu which pops up when you insert a USB stick or disc and asks if you want to carry out common actions such as playing songs or opening folders.

Sticks infected with the virus will list the option to view the files in Windows Explorer as usual. However, they also have a bogus option – which appears first in the list – which has the same wording and icon, but clicking on it installs the virus.

Security researchers are calling this a ‘social engineering trick’, meaning it exploits the way humans act. Even though the bogus option is marked as being in the category ‘Install or run program’, many users will see the familiar ‘Open folder to view files’ wording and icon and click on it without thinking.
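For defenders, both tricks described above (directives buried in junk, and an Autoplay label copied from a built-in entry) can be checked by content rather than file size. The following Python sketch is an added example, not code from the original article or from any security vendor; it assumes the active directives survive as `key=value` lines inside the `[autorun]` section, and the sample file and `PLACEHOLDER.EXE` are constructed for illustration.

```python
import re

# Keys in an [autorun] section that cause a program to be launched.
COMMAND_KEYS = {"open", "shellexecute"}
# Built-in Autoplay wording that the article says the bogus entry copies.
TRUSTED_LABELS = {"open folder to view files"}
KEY_VALUE = re.compile(r"^\s*([A-Za-z\\_ ]+?)\s*=\s*(.+?)\s*$")

def parse_autorun(text):
    """Return the directives in the [autorun] section, skipping junk lines."""
    directives, in_section = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_section = stripped[1:-1].strip().lower() == "autorun"
            continue
        match = KEY_VALUE.match(line)
        if in_section and match:
            directives[match.group(1).strip().lower()] = match.group(2)
    return directives

def assess(text):
    """Judge the file by what it runs and how it labels itself, not its size."""
    d = parse_autorun(text)
    findings = []
    commands = {k: v for k, v in d.items()
                if k in COMMAND_KEYS or k.endswith("\\command")}
    if commands:
        findings.append("launches a program")
    label = d.get("action", "").strip().lower()
    if commands and label in TRUSTED_LABELS:
        findings.append("action label imitates a built-in Autoplay entry")
    return findings

# Constructed sample: padding lines around two real directives.
# PLACEHOLDER.EXE is a stand-in, not a value from the article.
SAMPLE = "\n".join([
    "x9#kq2 ;;; zz81 !!",
    "[AutoRun]",
    "qpw0e9ri1 tyu 55 ~~",
    "AcTiOn = Open folder to view files",
    "8812 lmnop ))) vv",
    "shelLExecUte = PLACEHOLDER.EXE",
    "zz 0000 ]]]] ((",
])

if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
```

Because the check keys on the parsed directives, adding or removing padding lines changes the file size but not the result.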


Copyright © 2009 Blorge.com