“Drives such as USB sticks infected with the virus trick users into installing the worm, according to researchers.

The “Autoplay” function in Vista and early versions of Windows 7 automatically searches for programs on removable drives.

However, the virus hijacks this process, masquerading as a folder to be opened. When clicked, the worm installs itself.

It then attempts to contact one of a number of web servers, from which it could download another program that could take control of the infected computer.

Bad guys

The worm is unusually clever in the way that it determines what server to contact, according to F-Secure's chief research officer Mikko Hypponen.

“It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com,” said Mr Hypponen in a blog post.

“This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.

“However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines,” he added.

It has also emerged that the virus automatically disables the automatic updates to Windows that would prevent further infection.

As the virus – also known as Downadup – has spread to an estimated 9m computers globally, a number of high-profile instances of the virus have arisen. “

Infostealer.Bancos.gen
Keylog.gen
Trojan-Spy.VB!sd5
Trojan-Spy.Win32.VB.fj

So, I still think this is freaking CRAZY. I mean, it was a brand new USB drive with a known Trojan on it.

2. HijackThis

3. hijackthis.de