Recently Samsung released a new cell phone, the Wave, with a microSD card infected with malware. The malware itself doesn't run on the phone, but does try to infect your computer. One could speculate that the imaging computer used to manufacture the first run of SD cards was infected and further spread the infection to customer computers.
It appears that this malicious software was distributed only to a limited number of customers and was isolated to a specific geographic region east of Spain and west of Poland.
We detect this malware as Worm:Win32/Verst.A.
In addition to being a worm, Verst.A searches for credentials and software registration details from a variety of applications including Miranda ICQ, WebMoney, QIP Infium, and Multi Password Recovery. We find it interesting that this threat searches for saved credentials from another password recovery tool. For more information, please view our detailed analysis available at:
Verst.A spreads by taking advantage of the autorun feature in Windows. If run, the worm starts a thread that continuously tries to copy itself to all drives from A to Z. Fortunately Windows 7 will prompt users before invoking autorun. Also, you can update your autoplay functionality on other Windows versions by following the instructions here.
If you suspect that you're infected, we suggest that you scan your system for malware using a credible scanner such as Microsoft Security Essentials.
- Dan Kurc & Tim Liu