IT security experts at Sophos, a security solutions provider, have issued a warning to companies, advising them to keep their guards up against a wild worm that could be prowling on many removable drives.

Through self-installation, the worm, called “W32/SillyFD-AA” spread itself by copying onto removable drives such as floppy disks, USB memory sticks, which then automatically run when the device is connected to a computer. It then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC.

On top of that threat, it also changes the title of Internet Explorer windows to append the phrase “Hacked by 1BYTE”, says Sophos’s IT security experts.

“With USB keys becoming so cheap they are increasingly being given away at tradeshows and in direct mailshots. Marketing people are prepared to use them as ‘throwaways’ with the aim of securing sales leads,” said Graham Cluley, senior technology consultant for Sophos.

“Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.” Cluley added.

Sophos experts note that as more and more businesses now have strong defenses in place to protect against email-aware viruses and malware, hackers are increasingly looking for other less well defended routes, including USB keys, to infect innocent users.

“In this example[see screenshot above], changing the title of the Internet Explorer browser’s windows should be a pretty clear sign to most people that something strange is afoot,” Cluley said.

“It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue.” Cluley concluded.

Sophos IT experts also advised users to disable the autorun feature of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC.

In addition, any storage device attached to a computer should be always checked for viruses and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers without user’s knowledge.