New malware deletes MP3 files
A recently discovered worm attempts to delete all the MP3 files it can find on a computer. In order to do this, the worm, which has been named W32/Deletemp3.worm (McAfee), W32.Deletemusic (Symantec) or Win32/AutoRun follows in the footsteps of W32/Napir-B, which hit the headlines in the middle of 2005.
After the system has become infected, Deletemp3, which is programmed in Delphi, adds itself to the Windows autostart list so that it can reactivate each time the computer is restarted. However, McAfee comments in its malware description that since the program paths are fixed, the worm cannot run properly in Windows 2000. It also deactivates Task manager and the folders context menu in Windows Explorer. Deletemp3 then deletes all the MP3 files it can find on the infected computer.
In order to spread, Deletemp3 also creates the files autorun.inf and csrss.exe on all hard disks from E: to O:. With removable media, the malware is executed through the Autorun function by, for example, plugging an infected USB stick into a Windows computer. So far, the propagation level of the malware is low and several antivirus manufacturers are already supplying signatures for the worm.
However, users should exercise caution by holding down the SHIFT for a few seconds in order to deactivate the Autorun function when they plug in USB sticks or other removable media to their computers or when they insert a disk. Users should also make regular backups for their critical data by burning DVDs or using automated backup tools.
- W32/Deletemp3.worm, Malware description from McAfee