http://rtfa.disqus.com/RTFAenWed, 21 Jan 2009 18:43:29 -0000http://www.rtfa.net/2008/12/03/dell-datatraveler-4gb-usb-drive-with-trojan-virus#comment-5449803It seems this is becoming more of a problem, from the BBC:<br><a href="http://news.bbc.co.uk/2/hi/technology/7842013.stm" rel="nofollow">http://news.bbc.co.uk/2/hi/technology/7842013.stm</a><br><br>"Drives such as USB sticks infected with the virus trick users into installing the worm, according to researchers.<br><br>The "Autoplay" function in Vista and early versions of Windows 7 automatically searches for programs on removable drives.<br><br>However, the virus hijacks this process, masquerading as a folder to be opened. When clicked, the worm installs itself.<br><br>It then attempts to contact one of a number of web servers, from which it could download another program that could take control of the infected computer.<br><br>Bad guys<br><br>The worm is unusually clever in the way that it determines what server to contact, according to F-Secure's chief research officer Mikko Hypponen.<br><br>"It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as <a href="http://Google.com" rel="nofollow">Google.com</a> and Baidu.com," said Mr Hypponen in a blog post.<br><br>"This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.<br><br>"However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines," he added.<br><br>It has also emerged that the virus automatically disables the automatic updates to Windows that would prevent further infection.<br><br>As the virus - also known as Downadup - has spread to an estimated 9m computers globally, a number of high-profile instances of the virus have arisen. "fumfWed, 21 Jan 2009 18:43:29 -0000http://www.rtfa.net/2008/12/03/dell-datatraveler-4gb-usb-drive-with-trojan-virus#comment-4168892According to <a href="http://www.threatexpert.com/files/iiiiiiiiii.exe.html" rel="nofollow">http://www.threatexpert.com/files/iiiiiiiiii.exe.html</a>, that EXE is also known as:<br><br>Infostealer.Bancos.gen<br>Keylog.gen<br>Trojan-Spy.VB!sd5<br>Trojan-Spy.Win32.VB.fj<br><br>So, I still think this is freaking CRAZY. I mean, it was a brand new USB drive with a known Trojan on it.farkingaThu, 04 Dec 2008 13:43:09 -0000http://www.rtfa.net/2008/12/03/dell-datatraveler-4gb-usb-drive-with-trojan-virus#comment-4167469Hi Phil,<br>I'm fairly certain this is not a false positive. The dead giveaway is the chinese website popping up automatically.fumfThu, 04 Dec 2008 12:14:49 -0000http://www.rtfa.net/2008/12/03/dell-datatraveler-4gb-usb-drive-with-trojan-virus#comment-4159952Step 1. Don't freak over something just because your AV says it's dirty, it may be a false positive, they do happen.<br><br>2. HijackThis<br><br>3. hijackthis.dePhilWed, 03 Dec 2008 22:58:59 -0000http://www.rtfa.net/2008/12/03/dell-datatraveler-4gb-usb-drive-with-trojan-virus#comment-4157798This is insane! I didn't find any other reports of this - you might be the first??? What kind of virus was it? Try to isolate it and post some more!!! CRAZY.farkingaWed, 03 Dec 2008 20:23:11 -0000