11.28.12

Win32/SillyAutorun

We still encounter customers getting infected by Win32/SillyAutorun worm. This worm exploits Microsoft’s ‘Link’ and ‘Autorun’ files automatic execution and spreads through mapped, removable and file-sharing applications.

It connects to a remote site and downloads additional components to the compromised computer, then it creates multiple additional ‘Link’ files to further spread into other systems, installs file-sharing application and copy itself to the application’s shared folder.

If you haven’t done so, it is recommended to disable Window’s autorun functionality: http://support.microsoft.com/kb/967715