Windows 7 – serious USB drive malware exploit

Most of us agree that Windows 7 is Microsoft's finest operating system since the glory days of XP and they are doing a good job of keeping the operating system pretty secure so far.

Unfortunately some are slipping through the cracks, and the latest issue is a new Malware routine that takes advantage of Windows 7 ‘autorun/play' files.

The attack starts with an infected machine writing malware to a connected USB drive. The malware program writes two driver files – ‘mrxnet.sys' and ‘mrxcls.sys' onto the USB drive. These are nasty rootkit files which many experts are saying are using a stolen digital signature from a legitimate company such as Realtek.

When the unsuspecting victim inserts the USB drive onto their clean machine, and if the user allows the autorun sequence or opens the drive in Windows Explorer then the malware runs, duplicating itself to the attached computer.

Antivirus company VirusBlackAda spooted this a short while ago and have reported the issue to Microsoft. Many theories as to what this was actually attempting to do have been a hot topic for the last few days and it appears it is not stealing credit card information or bank details, but is targeting  Siemens WinCC SCADA systems. These are systems used in large factories and power plants and rumor already is rife with theories that this is some calculated espionage attempt, perhaps from coordinated Chinese hacking groups.

KitGuru says: Latest reports are that Microsoft are ‘looking into the issue'. They have already released a security advisory to help protect your system if you are worried.

Become a Patron!