All in the Family with malware

Avast Security Blogger, 14 October 2011

It’s easy to get an “older sister” bit of malware on your computer – even if you don’t want one. Just practice a little “unsafe computing” with four easy steps as outlined by AVAST Virus Lab analyst Michal Krejdl in his recent blog post. As he put it: “She's a little bit binary, but nobody has a perfect sister, hmm?”

To pick up your own “older sister”, just do the following:

  1. Get your own USB flash drive
  2. Plug it wherever you can (preferably use public stations)
  3. Repeat step 2 as often as possible
  4. Finally, plug your flash drive into your PC/laptop

Michal pointed out that this little Trojan (perhaps named Helen) comes from a well-known family. She’s connected to the Palevo, Crum, and Morphex custom packers which hide malware from antivirus programs. He especially liked the black humor in trying to conceal this Trojan under the file name of G:\older\sister. So far, no younger\sister or older\brother variants have appeared.

Computer users don’t actually get to see their new “older sister”. They just see the image of a file folder or the recycling bin. “Users can click on these images if they want to, but it’s not necessary to get the infection,” says Michal. avast! detects this as FoldRun [Trj].

The malware misuses the "AutoRun" feature in Microsoft Windows operating systems (OS) to start an executable file which then invites an array of malware into the computer. AutoRun was designed to alert users when a new device has been connected to their computers and to let them select an application for opening the new files. The AutoRun functionality has been partially disabled by a Windows update for dangerous drive types such as USB removable media.

“Properly-updated Windows systems should have had this feature primarily – but not entirely – disabled,” added Michal. “But, there are enough vulnerable computers out there to still make this a profitable opening for malware writers.”
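To check a flash drive and a machine for the AutoRun exposure described above, the following added example (not code from AVAST or from the original post) lists the entries in an `autorun.inf` that would start a program and tests whether a `NoDriveTypeAutoRun` policy value covers removable drives. The sample file, the `example\payload.exe` name and the use of the `NoDriveTypeAutoRun` policy are assumptions; the article names none of them.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
DRIVE_REMOVABLE = 0x04  # NoDriveTypeAutoRun bit for removable drives

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section.

    Lines that are not key=value are skipped, because autorun worms
    often pad the file with junk to defeat naive parsers.
    """
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.match(r"^\[(.+?)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def removable_autorun_disabled(policy_value):
    """True if the NoDriveTypeAutoRun bitmask turns AutoRun off for removable drives."""
    return bool(policy_value & DRIVE_REMOVABLE)

# Constructed sample, not taken from the malware described in the article.
SAMPLE = """\
;kjhasd8
[AutoRun]
xq93jf junk padding
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
shellexecute=example\\payload.exe
shell\\open\\command=example\\payload.exe
UseAutoPlay=1
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"launch entry: {key} -> {cmd}")
    print("0x91 covers removable drives:", removable_autorun_disabled(0x91))
```

Any launch entry on a drive that should hold only documents deserves a closer look, and a policy value of `0xFF` disables AutoRun for every drive type.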

Two additional steps to get an unplanned “older sister” in your computer…

  1. Stay in the dark. Don’t worry about whether your computer OS is updated or not.
  2. Don’t use protection. Antivirus programs are only for those engaged in risky activities.

Of course, not everyone wants an older sister – planned or not.