Microsoft has done a relatively good job building a secure operating system in the form of Windows 7 and patching the few flaws that have been discovered and widely published. But like any OS, it still has some gaping holes, and with Windows 7's growing market share, there are plenty of parties, both malicious and altruistic, poking around to find them.
The latest threat is a new strain of malware that takes advantage of Windows 7's allowance of "autorun" or "autoplay" files.
The attack vector begins with an infected machine writing malware to an attached USB drive. The malware program writes two driver files, "mrxnet.sys" and "mrxcls.sys", to the attached drive. These rootkit files are signed with what is likely a stolen digital signature of Realtek Semiconductor Corp. The drivers provide "rootkit" functionality, disguising malware that is subsequently written to the drive.