Tuesday, April 29, 2008

JavaScript Virus - Threats of Higher Capacity Thumbdrives

There has been a recent outbreak of viruses where I work. One such virus is called "faizal.js". Symptoms are obvious. Your Internet Explorer is hijacked and the title of the window will have "-Faizal" attached at the end.

From what I gather, and after reading the code on the bugger, I've found that it is quite the smart one. It's designed to copy itself to ALL partitions of any drive that is attached to the computer. So, if the hard drive has 2 or more partitions, every partition will have a copy of the "faizal.js" and "autorun.ini" files. And when any thumbdrive is plugged in, it copies itself to all removable drives as well.

Not only is it smart at spreading itself, this bugger also carries a heavy payload. So far, we've had about 5 or more cases of damaged/corrupted hard drives, which nullifies any chance of data recovery. A few had their partition table (MBR) corrupted, but the data was safe, so there was still hope.

One question is who the hell came up with it, and WHY? Obviously it's the work of someone in the South East Asian region, Malay/Indo speaking, judging by some of the comments in the script that I was able to comprehend. Guess they enjoy seeing people suffer and IP going down the toilet.

Kaspersky is the one we have tested that is able to remove the threat. The others have all failed miserably. You can prove me wrong if you've found otherwise... The other way is to clean up manually: remove all the autorun entries and mounted-drive entries from the registry, then go into safe mode to kill the processes and delete all associated files in the root directories and the Windows\System directories.
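The two paragraphs above describe where the dropper lands (an autorun file plus a copy of the script in the root of every partition and removable drive) and where the manual cleanup has to look. The following is an added example, not code from the original post: a small checker that visits each volume root, parses any autorun file found there, and reports launch entries that hand off to a script host or a script file, along with whether the referenced file is actually present. Windows only acts on autorun.inf; since the post names the file autorun.ini, both names are checked. The temporary "partitions" and file contents in demo() are constructed for the demonstration.

```python
"""Scan volume roots for an autorun file that launches a script.

Added example (not from the original post). It checks each volume root for
an autorun file, parses the [autorun] section, and reports entries that
launch a script host or a script file. All paths and contents in demo()
are constructed.
"""
import os
import re
import string
import tempfile

# Windows acts on autorun.inf; the post names the file autorun.ini, so check both.
AUTORUN_NAMES = ("autorun.inf", "autorun.ini")
# Interpreters and extensions that a removable-media autorun has no business invoking.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "cmd", "rundll32")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd")


def parse_autorun(text):
    """Return the key=value entries of the [autorun] section, keys lower-cased."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """Entries that cause execution: open=, shellexecute=, and shell\\<verb>\\command=."""
    return [(k, v) for k, v in entries.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def is_script_launch(command):
    """True if any token of the command is a script host or a script file."""
    for tok in re.findall(r'[^\s"]+', command.lower()):
        name = tok.replace("\\", "/").rsplit("/", 1)[-1]
        if name.endswith(SCRIPT_EXTS) or name.split(".")[0] in SCRIPT_HOSTS:
            return True
    return False


def scan_root(root):
    """Report script-launching autorun entries found in one volume root."""
    findings = []
    for name in AUTORUN_NAMES:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            entries = parse_autorun(fh.read())
        for key, cmd in launch_commands(entries):
            if not is_script_launch(cmd):
                continue
            # Heuristic: the last token is usually the file being launched.
            target = re.findall(r'[^\s"]+', cmd)[-1]
            findings.append({
                "root": root, "file": path, "key": key, "command": cmd,
                "target_present": os.path.isfile(os.path.join(root, target)),
            })
    return findings


def candidate_roots():
    """Volume roots to scan: drive letters on Windows, common mount points elsewhere."""
    if os.name == "nt":
        return [f"{d}:\\" for d in string.ascii_uppercase if os.path.isdir(f"{d}:\\")]
    roots = []
    for base in ("/media", "/mnt"):
        if os.path.isdir(base):
            roots.extend(os.path.join(base, entry) for entry in os.listdir(base))
    return roots


def demo():
    """Two constructed 'partitions': one carrying the dropper, one with a benign autorun."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    infected, clean = os.path.join(base, "D"), os.path.join(base, "E")
    os.makedirs(infected)
    os.makedirs(clean)
    with open(os.path.join(infected, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\r\nopen=faizal.js\r\nshellexecute=wscript.exe faizal.js\r\n"
                 "shell\\open=Open\r\nshell\\open\\command=faizal.js\r\n")
    open(os.path.join(infected, "faizal.js"), "w").close()  # empty stand-in file, not malware
    with open(os.path.join(clean, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n")
    return scan_root(infected) + scan_root(clean)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    for root in candidate_roots():
        for finding in scan_root(root):
            print(finding)
```

Running it prints three findings for the constructed infected volume (the open, shellexecute and shell\open\command entries, each pointing at a present faizal.js) and nothing for the benign one; a "target_present": False on a real machine means the launch entry survived a cleanup that removed the script but not the autorun file.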

Still, it begs the question: despite all the fancy and 'great' antivirus/antispyware protection we have installed to guard us from the net, the simple use of a 'harmless' thumbdrive, which has grown from only about 128MB back in the day to a standard 8GB now, brings more and more threats. It reminds me of the days when 3.5" floppy disks were the main carriers of viruses, until the write-protect feature came along... I guess they should implement that on ALL thumbdrives as well. I've seen a few models with the feature, where a small latch/switch/button sets the drive to read-only.

Until then, what can we do on our computers? Well, if you have Spybot - Search & Destroy installed, activate TeaTimer to notify you of any changes to the registry or system files. It will alert on ANYTHING and EVERYTHING. So be prepared to be annoyed, but at least you'll have the power to Accept or Deny a change, especially one you did not make deliberately yourself. There are other variations I've used before. I believe Norton has a similar feature.
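Where a resident tool like TeaTimer is not available, the same idea can be applied after the fact by comparing snapshots of the autostart entries. The block below is an added example, not code from the original post and not TeaTimer's own logic: it diffs a baseline snapshot of the Run keys against a later one and flags added or changed commands whose target sits in a drive root, or is a script under Windows\System*, which are the locations the cleanup paragraph above says to clear out. Both snapshots are constructed; on a real machine they would be filled from `reg query` or `reg export` of the keys listed.

```python
"""Diff two snapshots of autostart (Run key) values and flag suspect changes.

Added example (not from the original post, not TeaTimer's code). Compares a
baseline snapshot of the Run keys with a later one and flags added/changed
commands pointing at a file in a drive root, or at a script under
Windows\\System*. Both snapshots below are constructed.
"""
import ntpath
import re

RUN_KEYS = (
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
)
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd")

# Constructed baseline: what the Run keys looked like on a clean machine.
SNAPSHOT_BEFORE = {
    RUN_KEYS[0]: {
        "ctfmon": r"C:\Windows\System32\ctfmon.exe",
        "AVtray": r'"C:\Program Files\AV\tray.exe" /min',
    },
    RUN_KEYS[1]: {},
}
# Constructed later snapshot: one value changed, two added.
SNAPSHOT_AFTER = {
    RUN_KEYS[0]: {
        "ctfmon": r"D:\ctfmon.exe",             # same name, now launched from a drive root
        "AVtray": r'"C:\Program Files\AV\tray.exe" /min',
        "faizal": r"wscript.exe C:\faizal.js",  # persistence entry for the dropper named in the post
    },
    RUN_KEYS[1]: {
        "Updater": r'"C:\Program Files\Vendor\updater.exe" /silent',  # new, but not in a flagged location
    },
}


def tokens(command):
    """Split a command line into quoted and unquoted tokens."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', command)]


def suspicious(command):
    """Flag paths in a drive root, or script files under Windows\\System*."""
    for tok in tokens(command):
        path = tok.lower().replace("/", "\\")
        drive, rest = ntpath.splitdrive(path)
        if not drive:
            continue  # bare program name such as wscript.exe, or a switch
        directory = ntpath.dirname(rest).strip("\\")
        if directory == "":
            return True
        if directory.startswith("windows\\system") and path.endswith(SCRIPT_EXTS):
            return True
    return False


def diff_autoruns(before, after):
    """List added, removed and changed values across all keys, with a suspicion flag."""
    report = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) == new.get(name):
                continue
            if name not in old:
                change = "added"
            elif name not in new:
                change = "removed"
            else:
                change = "changed"
            command = new.get(name, old.get(name))
            report.append({
                "key": key, "name": name, "change": change, "command": command,
                "suspicious": change != "removed" and suspicious(command),
            })
    return report


if __name__ == "__main__":
    for entry in diff_autoruns(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        mark = "!!" if entry["suspicious"] else "  "
        print(f'{mark} {entry["change"]:8} {entry["key"]}\\{entry["name"]} = {entry["command"]}')
```

On the constructed data the report lists the new Updater value unflagged, and flags both the changed ctfmon value (now run from D:\) and the new faizal value (wscript.exe launching a script in C:\). The location heuristic deliberately leaves normal System32 executables alone, so a legitimate update that only changes a version path does not trip it.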

Finally!! Back ONLINE!

Finally! After months of figuring it out, I managed to reclaim my account. Yes, I was that slow. Kick me... Anyways. Look forward to more techy blogs from me in the near future!