This is very common
malware and probably everyone has experienced it at least once, from cyber
cafes, the movie guy or from that friend who always has infected USB dongles.
USB-borne malware is
extremely common, and most malware that propagates via USB and other removable
drives traditionally has taken advantage of the Windows
Autorun or Autoplay
feature.
This strain of malware
leveraged a vulnerability in the method Windows uses for handling shortcut
files. Normally these are links to the original file, and for them to execute a
user has to click, but for the malicious files the shortcut executes
automatically. Basically, you just have to open an infected USB and, pap, the
malicious code infects your machine.
Types of shortcuts
There are two types:
- FILE AND FOLDER SHORTCUT VIRUS
- FLASH DRIVE SHORTCUT VIRUS
FILE AND FOLDER SHORTCUT VIRUS
This affects files on
your computer. It replicates all files and folders on your computer, creates
a shortcut to each of them and hides the original ones. This leaves the
user with no option but to click on the shortcut to access the
information.
The worst-case scenario is
that this malware may be creating a backdoor or collecting information
from the machine and sending it to the attacker.
FLASH DRIVE SHORTCUT VIRUS
This baby is a Trojan
that infects USB dongles and external hard drives. All files on the USB stick
are consolidated in one big shortcut that is displayed on the dongle.
Once again you have to
click on the shortcut to access your files. Who knows what happens after the
click.
Keeping yourself safe
As usual, step one is to install
an antivirus and make sure it’s updated. Many will ask which is the best. The best
answer: buy any from Kaspersky, Quick Heal, Bitdefender, AVG, etc. By now they all
basically work the same, but make sure they are up to date.
Step two: do not open your
flash drive via Autorun or from My Computer.
Open your flash drive
or hard disk by right-clicking it and then clicking Explore, or type its drive
letter in the Windows address bar, to prevent any script from running.
Lastly, if you manage to
get infected, let me show you a quick way to heal your devices.
This involves the command
prompt. Click “Start”, then “Run”, and type “CMD”. Then type the drive letter of
your flash drive or external hard disk with a colon after it, e.g. “F:”. Once done,
type this command: “attrib f:*.* /d /s -h -r -s”.
You should see your files
now, and the shortcut virus should be removed.
Please note the f:
after attrib: replace it with your flash drive's letter. If your flash
drive's letter is n:, then change it to n:.
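Before clicking anything on a suspect drive, you can list what each shortcut would really launch and whether a hidden file or folder of the same name sits beside it. The PowerShell below is an added example, not from the original post; the function name Get-ShortcutVirusIndicator and the temp-folder demo data are made up for illustration.

```powershell
# Added example, not from the original post. Read-only triage of a drive root:
# for every .lnk it shows the real target and whether a hidden item of the same
# name sits beside it. Nothing on the drive is executed or modified.
function Get-ShortcutVirusIndicator {
    param([Parameter(Mandatory)][string]$Root)   # e.g. 'F:\' (assumed drive letter)

    $shell = New-Object -ComObject WScript.Shell
    # -Force includes hidden and system items that Explorer does not show
    $items  = @(Get-ChildItem -LiteralPath $Root -Force)
    $hidden = @($items | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })
    $links  = @($items | Where-Object { $_.Extension -eq '.lnk' })

    foreach ($lnk in $links) {
        $link = $shell.CreateShortcut($lnk.FullName)   # parses the .lnk, does not run it
        # Same-name hidden file or folder next to a shortcut is the pattern the
        # post describes: original hidden, shortcut left in its place.
        $twin = $hidden | Where-Object {
            $_.FullName -ne $lnk.FullName -and
            ($_.Name -eq $lnk.BaseName -or $_.BaseName -eq $lnk.BaseName)
        } | Select-Object -First 1
        [pscustomobject]@{
            Shortcut   = $lnk.Name
            Target     = $link.TargetPath
            Arguments  = $link.Arguments
            HiddenTwin = if ($twin) { $twin.Name } else { $null }
            Suspicious = [bool]$twin
        }
    }
}

# Constructed demo data: a temp folder standing in for the USB root, holding a
# hidden "Photos" folder and a "Photos.lnk" that points at Notepad (harmless).
$demo   = Join-Path $env:TEMP 'usb-demo'
$photos = New-Item -ItemType Directory -Path (Join-Path $demo 'Photos') -Force
$photos.Attributes = 'Directory, Hidden, System'
$s = (New-Object -ComObject WScript.Shell).CreateShortcut((Join-Path $demo 'Photos.lnk'))
$s.TargetPath = Join-Path $env:SystemRoot 'System32\notepad.exe'
$s.Save()

Get-ShortcutVirusIndicator -Root $demo | Format-List
```

To check a real stick, pass its root instead of the demo folder, for example -Root 'F:\'.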
There are many tutorials
out there on how to resolve this malware; I don’t want to add to that list, it’s
too long already.
As always, prevention is
better than cure.