
Win32/SillyAutorun.FTW

Posted: June 13, 2013

Threat Metric

Ranking: 3,953
Threat Level: 1/10
Infected PCs: 6,036
First Seen: June 13, 2013
Last Seen: October 16, 2023
OS(es) Affected: Windows

Win32/SillyAutorun.FTW is a worm that distributes itself through both peripheral devices and IRC spam. Unusually, Win32/SillyAutorun.FTW doesn't compromise all of a removable device's files at once. Instead, it replaces files one at a time at staggered intervals, presumably to avoid detection. The usual measures that SpywareRemove.com malware researchers recommend for protecting against worms also work against Win32/SillyAutorun.FTW, which was detected only recently but should still be removable by any worthwhile anti-malware software. However, you should be careful to scan any potentially infected removable devices along with your hard drive, and avoid sharing such devices until you're certain that you've deleted all copies of Win32/SillyAutorun.FTW.

Win32/SillyAutorun.FTW: a Less Than Subtle Self-Proliferator

Win32/SillyAutorun.FTW is classified as a worm due to its ability to create copies of itself and distribute those copies to various locations, wherein they may thereafter infect other vulnerable computers. Win32/SillyAutorun.FTW uses one of the most documented distribution methods open to malware in general and worms in particular: removable devices, such as USB thumb drives, that can be written with new files. Like most worms, Win32/SillyAutorun.FTW doesn't overwrite the files in question (since that would be a rather large clue to its attack), but, instead, conceals them with the Windows 'Hidden' attribute and replaces them with visible copies of itself. These copies are named with the names of the original files and folders, with the notable exception of appending 's' to the end of each name (such as 'mydocs' instead of 'mydoc').

Additional measures Win32/SillyAutorun.FTW uses to hide its copies also include disabling your ability to change file-viewing settings that would let you see Hidden files, an attack that SpywareRemove.com malware experts also often find in worms that use similar distribution strategies. It should be noted that opening a copy of Win32/SillyAutorun.FTW will install Win32/SillyAutorun.FTW silently while also opening the original document or folder, thus minimizing any symptoms of the infection.
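The pattern described above, a Hidden original sitting next to a visible file whose name carries an extra trailing 's', can be checked for directly on a removable drive. The following is an added example, not code from SpywareRemove.com; the function names, the sample listing and the assumption that a copy may add or change a file extension are illustrative.

```python
import os
import stat
from pathlib import PureWindowsPath

def find_decoy_pairs(entries):
    """entries: (name, is_hidden, is_dir) tuples. Returns sorted (hidden_original, visible_copy) pairs."""
    entries = list(entries)
    visible_files = {}
    for name, hidden, is_dir in entries:
        if not hidden and not is_dir:
            # Index by full name and by stem; assumption: the copy may carry its own extension.
            for key in {name.lower(), PureWindowsPath(name).stem.lower()}:
                visible_files.setdefault(key, []).append(name)
    pairs = set()
    for name, hidden, is_dir in entries:
        if not hidden:
            continue
        candidates = {name.lower() + "s"}          # 'mydoc' -> 'mydocs'
        if not is_dir:
            candidates.add(PureWindowsPath(name).stem.lower() + "s")
        for key in candidates:
            pairs.update((name, copy) for copy in visible_files.get(key, []))
    return sorted(pairs)

def list_entries(root):
    """Read one directory level on Windows; the Hidden flag comes from st_file_attributes."""
    out = []
    with os.scandir(root) as it:
        for e in it:
            attrs = e.stat(follow_symlinks=False).st_file_attributes  # Windows-only field
            out.append((e.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN), e.is_dir(follow_symlinks=False)))
    return out

SAMPLE = [  # constructed listing of a USB drive root: (name, hidden, is_dir)
    ("mydoc", True, True),
    ("mydocs.exe", False, False),
    ("budget.xls", True, False),
    ("budgets.xls", False, False),
    ("photos", False, True),
    ("notes.txt", False, False),
    ("System Volume Information", True, True),
]

if __name__ == "__main__":
    import sys
    listing = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for original, copy in find_decoy_pairs(listing):
        print(f"hidden original {original!r} shadowed by visible file {copy!r}")
```

Run it with a drive root as the argument (for example `E:\`) on Windows; because it reads file attributes itself, the result does not depend on Explorer's hidden-file view settings.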

Shutting Down the Spread of Win32/SillyAutorun.FTW

Worms like Win32/SillyAutorun.FTW are capable of spreading very rapidly through networks of computers that share removable devices, and, whenever dealing with a Win32/SillyAutorun.FTW infection, stopping Win32/SillyAutorun.FTW from doing just that should be your main priority. You should also be aware that Win32/SillyAutorun.FTW is capable of spreading through other sources, most prominently links in IRC, even in the absence of removable devices to exploit.

As long as you scan your removable devices along with your hard drives, your anti-malware software should be able to remove Win32/SillyAutorun.FTW, which has been found to lack any sophisticated defensive features, without much difficulty. SpywareRemove.com malware experts haven't finished analyzing Win32/SillyAutorun.FTW's payload, but do warn that worms like Win32/SillyAutorun.FTW have often been known to distribute backdoor Trojans, rootkits and other high-level threats to your PC's safety.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: C:\Documents and Settings\<username>\Application Data\E-73473-3674-74335\msnrsmsn.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft3264OSUpdate

Additional Information

The following URLs were detected:
search.mapsrch-site.net