A worm that is attacking a vulnerability in Windows Server service, which Microsoft patched back in October, also is attacking USB devices.
According to ZDNet, F-Secure has discovered that the worm, which it calls Downadup, can propagate on the client side via USB sticks. If plugged into an infected computer, the malware creates an autorun.inf file on the USB drive that will in turn infect other unpatched systems. The worm tries to crack user passwords and is especially hard to detect.
The U.S. Computer Emergency Response Team is urging users to apply the patch linked to in MS08-067.