Microsoft: removable drive worm still spreading
A quick-spreading worm that first surfaced on removable drives in 2009 is still finding success, and once it infiltrates corporate networks, it can be difficult to contain as it swiftly spreads from system to system, according to Microsoft.
Once the Vobfus worm infects a system, it downloads additional malware from remote servers while simultaneously looking for other removable drives to spread to other machines. Vobfus has been connected to a variety of financially motivated attack campaigns and has been used by a number of botnets, including Zbot, the Zeus banking Trojan malware family.
When Vobfus reaches out to a command-and-control server to download additional malware, it can make remediation efforts more difficult for IT teams, wrote Hyun Choi, a Microsoft malware researcher, in his analysis of the threat in the Microsoft Malware Protection Center blog. In particular, Hyun said a Trojan downloader called Beebone, seen in conjunction with Vobfus, causes serious problems because Beebone will also reach out to a remote server to download additional malware including other variants of Vobfus.