Encyclopedia

Panda Global Protection 2011

Enjoy total security and ensure information integrity.

BUY with 20% OFF	DOWNLOAD FREE

USBToy
Threat LevelDamageDistribution

At a glance Tech details Solution

Effects

USBToy displays the following message whenever Windows is started:

Its main objective is to spread through USB devices.

Infection strategy

USBToy creates the following files:

MSLOGON.EXE, in the Windows system directory. This file is a copy of the worm.
AUTORUN.INF, in the USB device, if there is any.
TOY.EXE, in the USB device, if there is any. This file is also a copy of the worm.
These two files remain hidden in the device.
SYSTEMNT.EXE in the directory: C:\Documents and Settings\%user%\Start Menu\Programs\Startup
where %user% is the user that has logged in.
This way, this file will be run whenever Windows is started.

USBToy uses the Windows API (Application Programming Interface) called SetFileAttributesA in order to hide the files AUTORUN.INF and TOY.EXE and the subfolder STARTUP located in the directory: C:\Documents and Settings\%user%\Start Menu\Programs.

Means of transmission

USBToy spreads from computers to USB devices and vice versa. In order to do so, it follows the routine below:

When it is run, USBToy checks if there is any USB device connected to the computer.
If it finds any, USBToy will infect it by copying two files, which remain hidden, to the device.
When the infected USB device is connected to other computer, this computer will be also infected by USBToy.

Further Details

USBToy is written in the programming language Visual C++ v6. This worm is 45,056 bytes in size.

Last updated: 01/05/2007

Thanks to Collective Intelligence, Panda's exclusive cloud-computing technology, the company's 2010 solutions leverage the knowledge gathered from the community of millions of Panda users around the world. Each new file received is automatically classified within six minutes and the Collective Intelligence servers classify more than 50,000 new malware samples every day. These technologies correlate information on malware received from each computer to continuously improve the protection level for the worldwide community of users. Panda's 2010 solutions have continuous, real-time contact with this vast knowledge base allowing the company to offer users the fastest response against the new malware that appears every day.

News

Help your friends against viruses: share, save and subscribe to our security content. Thank you.

Rescue of Chilean miners used as new lure by banker Trojan, reports PandaLabs

Top scams on the Web

Panda Security Receives Top Score in Most Recent AV-Comparatives.org Security Su...

[+ News ]

RSS - News coverage on virus and intrusion prevention | TWITTER - PANDA SECURITY

Our Cloud Twitter | Web Map | Contact | Affiliates