Friday, November 9, 2007

Stop AutoRun (Part 1)

The most common vector for virus infection through USB flash drives exploits the AutoRun feature of Windows. Find out how to turn off this feature and add another layer of protection.


AutoRun, Be-gone!

Windows comes with a feature called AutoRun (or AutoPlay) that lets the computer launch a program as soon as you insert a CD or USB flash drive. This handy feature is what makes a CD launch its installer, or a DVD launch the correct player. But it also poses significant risks. For more information, see the article USB Virus Get Sneaky.


Once you insert a CD or USB flash drive, Windows searches for the file autorun.inf in the root directory of the media. If it is found, Windows acts on the contents of that file. With Windows XP and Vista, the default action when no autorun.inf is found is to prompt the user on what to do, based on the contents of the new media. Otherwise, the program indicated in the autorun file is executed. Convenient as this is, a virus can use the same mechanism to infect your system. All it takes is a USB flash drive with an autorun.inf and an executable program in its root folder.



Folder and directory mean essentially the same thing: a way to organize files. The root directory is the top-most level of a drive, usually denoted by a backslash (\). Root directories usually contain boot information and other files that are marked important or frequently accessed.


In Windows XP, you can change the defaults for AutoPlay by right-clicking the drive in Windows Explorer and selecting Properties. Under the AutoPlay tab, you can control what Windows does for each type of media. Changing the settings here has no effect on preventing autorun.inf from being executed.


Although the Registry values NoDriveAutoRun and NoDriveTypeAutoRun can turn off the feature, they can be overridden. A registry key, MountPoints2 (see Removing Common USB Viruses), contains cached information used to launch the program. This cache is populated when the user first inserts the media, including, but not limited to, hard drives, USB flash drives and optical media.
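Two things a defender wants to check are spelled out above: what an autorun.inf on a piece of media would actually launch, and whether the NoDriveTypeAutoRun policy value even covers the drive type in question. The following Python script is an added example written for this page, not code from the original post or from Microsoft. It parses a constructed autorun.inf (the [autorun] section with its open, shellexecute and shell\verb\command directives) and reports the launch targets, then decodes a NoDriveTypeAutoRun value using the bit assignments Microsoft documents for that value (0x04 is removable drives, 0x20 is CD-ROM, 0xFF disables all types; 0x91 is the Windows XP default). The sample file contents and registry values are constructed for the example; nothing here reads a real drive or the live registry.

```python
"""Inspect an autorun.inf and a NoDriveTypeAutoRun value from a defender's side.

Added example for this page; not the original author's code. The autorun.inf
text below is constructed for illustration.
"""

# Constructed sample autorun.inf (not taken from any real media).
SAMPLE_AUTORUN_INF = """
; typical installer-style autorun.inf
[autorun]
open=setup.exe
icon=setup.exe,0
shell\\install=&Install
shell\\install\\command=setup.exe /quiet
"""

# Bit assignments of the NoDriveTypeAutoRun registry value, as documented by
# Microsoft: a set bit means AutoRun is suppressed for that drive type.
NO_DRIVE_TYPE_BITS = {
    0x01: "unknown (DRIVE_UNKNOWN)",
    0x04: "removable (USB flash, floppy)",
    0x08: "fixed (hard disk)",
    0x10: "network",
    0x20: "CD-ROM / DVD",
    0x40: "RAM disk",
    0x80: "unknown (DRIVE_NO_ROOT_DIR)",
}
XP_DEFAULT = 0x91   # Windows XP default: unknown + network + no-root-dir only
DISABLE_ALL = 0xFF  # the value the "stop AutoRun" advice sets


def parse_autorun_inf(text):
    """Parse INI-style autorun.inf text into {section: {key: value}}.

    Section and key names are case-insensitive in Windows, so both are
    lower-cased; ';' starts a comment line.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(sections):
    """Return (directive, target) pairs that AutoRun could execute.

    'open' and 'shellexecute' fire on insertion when AutoRun is active;
    'shell\\<verb>\\command' entries become context-menu or default actions.
    """
    auto = sections.get("autorun", {})
    targets = []
    if "open" in auto:
        targets.append(("open", auto["open"]))
    if "shellexecute" in auto:
        targets.append(("shellexecute", auto["shellexecute"]))
    for key, value in auto.items():
        if key.startswith("shell\\") and key.endswith("\\command"):
            targets.append((key, value))
    return targets


def autorun_suppressed(no_drive_type_value, drive_bit):
    """True if the policy value suppresses AutoRun for the given drive-type bit."""
    return bool(no_drive_type_value & drive_bit)


def suppressed_drive_types(no_drive_type_value):
    """Human-readable list of drive types a NoDriveTypeAutoRun value suppresses."""
    return [name for bit, name in NO_DRIVE_TYPE_BITS.items()
            if no_drive_type_value & bit]


if __name__ == "__main__":
    parsed = parse_autorun_inf(SAMPLE_AUTORUN_INF)
    for directive, target in launch_targets(parsed):
        print(f"{directive:>24} -> {target}")
    for label, value in (("XP default", XP_DEFAULT), ("disable all", DISABLE_ALL)):
        print(f"{label} (0x{value:02X}) suppresses: {suppressed_drive_types(value)}")
        print("  removable drives covered:", autorun_suppressed(value, 0x04))
```

Running it shows why the XP default is not enough on its own: 0x91 leaves the removable-drive bit (0x04) clear, so a USB flash drive carrying the sample file would still have its open= line honoured, whereas 0xFF covers every type. As the post notes, even 0xFF can be bypassed through the MountPoints2 cache, so the decoder answers only the policy question, not the whole one.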

For steps on how to stop AutoRun, click here.
