Actually scratch my email for the time being, I am working up a full disclosure on it. I have been reverse-engineering it for the past few months and I wanted to share my results as well as notify the group of this worm/virus package.
Charles PS: I'll get back to you in a few days. From: [email protected] [mailto:[email protected]] On Behalf Of Chris M Sent: Saturday, February 19, 2011 10:58 AM To: Charles Timko Cc: [email protected] Subject: Re: [Full-disclosure] Autorun Flashdrive Worm Got an Image of the drive? http://accessdata.com/downloads/current_releases/imager/Imager_Lite_%202.9.0 .zip On Sat, Feb 19, 2011 at 3:49 PM, Charles Timko <[email protected]> wrote: While I was at the SuperComputing Conference I went ahead and plugged in a flashdrive that belonged to a friend of mine. After Windows 7 loaded the driver for the device, I was prompted by AVG Free's Resident Shield. It had stopped the worm from running, which I am thankful for. I told my friend he had a worm on his flash drive and didn't believe me. He took his drive back and scanned it with ClamAV and sure enough, there was a worm on the drive. It was at that point we have been trying to locate it on disk, and I was unable to access the folder from the Command-line with the complete path. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- I'm a hot-wired, heat seeking, warm-hearted cool customer, voice activated and bio-degradable. I interface with my database, my database is in cyberspace, so I'm interactive, I'm hyperactive and from time to time I'm radioactive.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
