I have a list of suspects
Who suspects the RIAA? Or Sony's Rootkit department?
Virus writers have unleashed a worm that attempts to delete MP3 files from infected machines. The Deletemusic worm spreads via removable devices. As soon as an infected device is accessed the worm will be executed. Thereafter it copies itself onto all drives, including removable devices, and executes whenever Windows is …
First off this thing is just EVIL...
But don't blame the RIAA directly. This is undoubtedly the work of some crack-pot who has taken everything the RIAA has said (intentionally misinformed) as bible truth.
Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market? He would then show off the racks to his friends with that smug little smile and say 'yeah I'm really into music'. Pity your parents are poor.
He is now so upset that everyone has a an 18,000 song library that no one gives a toss about him anymore. So now he's out to get us.
Sorry if I sound a bit male-centric in this rant but I've never met a female who would actually get in a cock fight over a music collection. Typically the women I've known just say 'My three CDs are better than all of your's combined."
Touche!
@ Dillon Pyron: "Contract job? We already know that some Vx'ers do work on spec for various criminal elements."
And by "criminal" one assumes you mean "record companies who take 97% or more of the sales and pocket it, before passing anything on to the artists - when they bother to pass on anything at all."
"Anybody here in their 30's remember that a-hole (we'll all knew one) from childhood who's parents bought him every single CD that came to market?"
Oh yeah. I know a few of them showoff bastids back at college. I hope they rot in hell.
Good thing I have my MP3s backed up on DVDs and CDs. And ghost images of my PC's hard drives backed up in a removable USB disk.
If it makes it to my place it'll be unlikely to do anything.
Symantec AV Corporate should whack it before it goes anywhere. If it makes it past that, well then it has to know that my MP3s are actually stored on a different box (Linux server). And if it does find them, it'll hardly hurt.... All the music I care about is OggVorbis.
This isn't necessarily the work of the Music Industry. There are a lot of sad-acts out there who, for some reason, take pleasure in denying other people the enjoyment of their property. People who steal mobile phones, for instance: they know full well that the handset can be deactivated and rendered useless, even before the credit runs out. Their motivation isn't to have the phone for themselves: it's to stop you from having it. A virus that attacks media files sounds like the same sort of thing. Peevish, spiteful, mindless vandalism, but not necessarily the Music Industry.
Still, if it teaches people always to mount removable drives with -onoexec then it's probably a good thing in the long run.
BOFH?
If the pFY wrote it then it would copy the files off somewhere first, replace with some recorded sounds of a smutty nature and email the machine owner's other half a zip file full of p0rn for good measure.
I suspect BOFH would be more restrained and just delete the stuff from the corporate network "without prejudice". The deletion from any other attached devices is just good sense to stop it all being copied back.
>>Why is it "thick" to not disable autorun?
Because it implies utter and complete trust that anything you connect to your computer (CD/USB/DVD/What have you) is harmless.
It would be trivial for me to create a CD that would run rampant on your system, delete any number of files (or worse yet, scramble them just a *little* bit so you wouldn't suspect), install spyware, keyloggers, any other malware you can imagine. Autorun makes it simple.
My suggestion: Don't be so trusting. Don't leave your doors unlocked, don't put your keys under the mat, and disable autorun.
Seriously.