This is a recent worm that has already infected scores of computers around the world. It is also called Houdini.
Depending on the antivirus used, it is detected as:
It spreads through USB peripherals such as pen drives and external drives, but also through smartphones or digital cameras via their memory cards.
Once the media is connected, its contents appear normal to users. Here is a view showing 2 photos and an MP3 audio file:
But here is what the USB key really contains (this is “hidden” from users):
On the file on the right, we can notice a small arrow in the bottom-left corner of the icon; it means this is a shortcut, and it may be a sign of the infection.
In 1, we can see the shortcuts (visible to users), which we may take for real files; in fact, these shortcuts, once clicked, launch the infection (2) and then open the original file (hidden from users).
You believe you have opened the file you wanted, unaware that the malware was launched a few milliseconds earlier.
YOU ARE CAUGHT!
The file is a VBS (Microsoft Visual Basic script).
This type of script is commonly used by system and network administrators to write small programs that automate repetitive tasks.
Without going too deep into technical detail, let’s say the malware is heavily encoded to camouflage itself and so avoid detection by antivirus software.
It will then search for all removable peripherals and infect them, creating new vectors of propagation.
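The layout described above (visible shortcuts, hidden original files, a hidden VBS file) can be checked for on a removable drive before anything is clicked. The following Python script is an added example, not code from the original article; the `Entry` type, the function names, the sample listing, the script-extension list, and the assumption that each shortcut is named after the hidden file it opens are all hypothetical.

```python
import ntpath
import os
import stat
from collections import namedtuple

# One directory entry: file name plus whether the Hidden attribute is set.
Entry = namedtuple("Entry", "name hidden")
SCRIPT_EXTS = {".vbs", ".vbe"}  # assumption: script extensions to flag

def list_entries(root):
    """Read a real drive root; the Hidden attribute is only exposed on Windows."""
    out = []
    for item in os.scandir(root):
        attrs = getattr(item.stat(follow_symlinks=False), "st_file_attributes", 0)
        out.append(Entry(item.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return out

def triage(entries):
    """Return (decoy_shortcuts, hidden_scripts) for one directory listing."""
    hidden_names, hidden_scripts = set(), []
    for e in entries:
        if e.hidden:
            stem, ext = ntpath.splitext(e.name.lower())
            hidden_names.update((e.name.lower(), stem))
            if ext in SCRIPT_EXTS:
                hidden_scripts.append(e.name)
    decoys = []
    for e in entries:
        stem, ext = ntpath.splitext(e.name.lower())
        # Visible shortcut named after a hidden file: the decoy layout.
        if not e.hidden and ext == ".lnk" and stem in hidden_names:
            decoys.append(e.name)
    return sorted(decoys), sorted(hidden_scripts)

# Constructed sample listing (not taken from a real sample or from the page).
SAMPLE = [
    Entry("photo1.jpg.lnk", False), Entry("photo1.jpg", True),
    Entry("photo2.lnk", False), Entry("photo2.jpg", True),
    Entry("song.mp3.lnk", False), Entry("song.mp3", True),
    Entry("placeholder-name.vbs", True),   # hidden script, placeholder name
    Entry("tools.lnk", False),             # ordinary shortcut, no hidden twin
    Entry("notes.txt", False),
]

if __name__ == "__main__":
    decoys, scripts = triage(SAMPLE)
    print("decoy shortcuts:", decoys)
    print("hidden scripts:", scripts)
```

On Windows, `triage(list_entries("E:\\"))` applies the same check to a mounted drive, where `E:` is a placeholder drive letter.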
The malware connects to the C&C server to transmit some information:
The hacker will thus be able to take control of the “victim” computer to:
Update the malware (or delete it)
Install other malware
He may also reuse the code, change it, or enrich it.
Here is a view of an ad for this type of malware:
Here is a view of a management console (what the hacker can see on his screen):
Even if the code is relatively simple, it is enough to compromise the security of a whole organization and retrieve personal or confidential information from a great number of people.