Encircle News!

Biz & IT, infection, plugx, Security, sinkhole, Tech Industry, Tech News, USB, worm

Millions of IPs remain infected by USB worm years after its creators left it for dead

April 25, 2024

Dan Goodin

Millions of IPs remain infected by USB worm years after its creators left it for dead

A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday.

The worm—which first came to light in a 2023 post published by security firm Sophos—became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. In turn, those drives would infect any new machine they connected to, a capability that allowed the malware to spread without requiring any end-user interaction. Researchers who have tracked PlugX since at least 2008 have said that the malware has origins in China and has been used by various groups tied to the country’s Ministry of State Security.

Still active after all these years

For reasons that aren’t clear, the worm creator abandoned the one and only IP address that was designated as its command-and-control channel. With no one controlling the infected machines anymore, the PlugX worm was effectively dead, or at least one might have presumed so. The worm, it turns out, has continued to live on in an undetermined number of machines that possibly reaches into the millions, researchers from security firm Sekoia reported.

Read 10 remaining paragraphs | Comments

https://arstechnica.com/?p=2020055

January 2025
M	T	W	T	F	S	S
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1014: Just Say It's Capitalism – CES 2025, Meta News, Newag DRM – This Week in Tech (Audio)

The panel discusses CES 2025 How Watch Duty's wildfire tracking app became a crucial lifeline for LA Worst in Show awards 2025 Aaron Swartz v Sam Altman We've not been trained for this: life after the Newag DRM disclosure All the Meta stuff (fact checking, etc.) Heritage Foundation plans to 'identify and target' Wikipedia editors The Government Wants to Protect Robux From Hackers Twitch Streamers Come Home After Big-Money Contracts at Rivals Dried Up Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location Host: Leo Laporte Guests: Nicholas De Leon, Fr. Robert Ballecer, SJ, and Cory Doctorow Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: coda.io/twit expressvpn.com/twit threatlocker.com for This Week in Tech uscloud.com bitwarden.com/twit