[Gomez]

ping

[Yo-Yo]

Hmm, where are most USB Flash Drives manufactured these days?

[Gun142]

This means that the sample trojans found so far can't simply be started on an arbitrary Windows system – the malware will only start in the OllyDbg debugger after some modifications to the code.


So, this affects what percentage of Windows users?

"after some modifications to the code"
Sounds like you have to mess with the system just to get the malware to work.
Don't think I'll lose any sleep over this one.

[Washi]

It appears that the malware specifically targets process control systems and their visualisation components.

SCADA systems are those that monitor and control infrastructure facilities like power plants, gas lines, sewage plants etc.

This isn't the work of script kiddies trying to muck up your web-surfing. This appears to be targeted at serious systems by a knowledgeable attacker(s).

[RachelFaith]

PING.... our turn at bat.

[RachelFaith]

a copy of the trojan managed to infect a fully patched Windows 7 system (32-bit) without having to resort to such common auto-start tools as autorun.inf when a Flash drive carrying the trojan was plugged in. Instead of spreading through auto-start, the malware exploits a flaw in the code for processing short-cuts (.lnk files): Once the relevant icon is displayed in Windows Explorer, malicious code is launched without any further user interaction.

Well, there goes your "Windows 7 is just as secure as Mac OSX" shtick.

Real trogan, in the wild, doing an actual exploit, not in some lab, and without any user intervention required.

Plink Plink Plink

Just dropping 3 quarters in the machine and waiting for the spin cycle to begin....