back to article This Windows worm evolved into slinging ransomware. Here's how to detect it

Raspberry Robin, a worm that spreads through Windows systems via USB drives, has rapidly evolved: now backdoor access is being sold or offered to infected machines so that ransomware, among other code, can be installed by cybercriminals. In a report on Thursday, Microsoft's Security Threat Intelligence unit said Raspberry …

  1. Anonymous Coward
    Anonymous Coward

    It would be good if Microsoft stopped tracking and actually did something to fix Yet Another Security Hole..

    1. Phil O'Sophical Silver badge

      What, like testing software before they release it?

      1. Anonymous Coward
        Anonymous Coward

        No, they've got their users for that. (a) It's not like they have a choice anyway and (b) it hands more money to hostageshare-holders by dropping the beta test expenses.

    2. that one in the corner Silver badge

      Yet Another Security Hole

      Like telling people not to pick up random USB memory sticks, not to click on random links and not to let things auto-run?

      These are hardly new threat vectors and, aside from the last, not a lot MS can do about them!

      (Yes, saw the bit about other ways to get infected, but without any more info on how, there is nothing to say about those)

      1. OhForF'

        Re: Yet Another Security Hole

        Well Micros~1 could disable auto-run from USB sticks as the default.

        Auto-run only being active for identified USB sticks (e.g. using some hash on the auto-run command) after it was authorized once after acknowledging a security warning would stop a lot of attacks on users not aware of this attack vector.

        A trade off between security and convenience - what will win?

        1. that one in the corner Silver badge

          Re: Yet Another Security Hole

          We've been telling everyone in earshot to switch off autoplay ever since the blasted "feature" was enabled for floppy drives, some - what, 35 years ago?

          But software vendors and customers complained it made it "too hard to install software". Then it was "so much better" that you could also just put a music CD in and have it play.

          Then we got USB playing the same tricks, to the delight of all the vendors at commercial shows (boats, cars, drugs - not just computers) with their advertising on "free" memory sticks.

          And the *entire* time, autoplay was also being used to install trojans, viruses and rootkits (everyone wave at Sony).

          Unless the Users get a damn great kickup the backside, their demand for convenience is going to stay. Sorry, this one I've given up blaming MS for, the Users want it. Blast them.

        2. Anonymous Coward
          Anonymous Coward

          Re: Yet Another Security Hole

          "Well Micros~1 could disable auto-run from USB sticks as the default."

          From the Microsoft security blog:

          "Autorun of removable media is disabled on Windows by default. However, many organizations have widely enabled it through legacy Group Policy changes".

        3. Roland6 Silver badge

          Re: Yet Another Security Hole

          >Auto-run only being active for identified USB sticks (e.g. using some hash on the auto-run command)

          But that would require the USB drive to be scanned in its entirety (including free space) so as to generate a hash which could be used to confirm contents haven't changed since last usage on that specific system.

          Obviously, I (or Windows automatically) copy a file onto that USB stick and it will have a new hash...

        4. WolfFan Silver badge

          Re: Yet Another Security Hole

          Apple disabled their equivalent of Auto-Run in 1997-8, when the Auto Start Worm arrived. Apparently some Windows fanboi was butt-hurt by all the Apple ads saying that Power PC CPUs did twice the work per clock cycle than Intel CPUs (which wasn’t quite true, but close enough to annoy some Crapple haters) and created malware which cut PPC speeds by half. It installed using Apple’s Auto Start feature. Apple issued a fix which turned Auto Start off, killing the malware.

          Microsoft has turned Auto Run off by default… it took them over a decade to do it, but they did. Some idiots turn it back on. I hate to say it, but this one isn’t Microsoft’s fault. This one is purely local, either PEBCK or, worse, lazy administrators who implemented stupid policies.

          I have disabled anything resembling Auto Run on all hardware that I control. Several users have asked me to enable it. I have a form stating that I will do that, if they take responsibility for any malware that gets onto the system and/or network as a result. For some reason nobody signs it. Pity, that.

  2. that one in the corner Silver badge

    Ultimately, Raspberry Robin first appeared

    "Ultimately"? Not "initially"?

    Like Merlin, this is living its life backward?

  3. M.V. Lipvig Silver badge

    Hang on,

    I thought you recognized the Windows Worm when you boot your computer and see a 4 paneled window with each panel a different color?

    1. JWLong

      Re: Hang on,

      That's not a worm, it's a turd!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like