Sign In
Register
Help
They can even spread infections like floppy disks could, only faster. With a floppy, if you left a disk with a boot sector infection in the drive it would infect your system the next time you booted your system if it had been left in the drive, or once you ran an infected program. But with USB drives, as soon as you insert an infected USB drive into a clean system, it can immediately infect the system when the infected file is automatically run by a Windows feature - AutoRun from the autorun.inf file on the media. You don't have to run anything to infect the system, it's done automatically for you. They are such a threat that many businesses and the Department of Defense prohibit the use of USB devices and all other external media (to include floppy disks and CD Drives).
There is nothing malicious about the autorun.inf file itself, it simply lists programs that should be run when the media is inserted. That's the same feature that starts the install routine when you insert a new program CD. Autorun can start a program from the autorun.inf file from many media, USB/flash drives, CDs, DVDs, external hard disks, and any volume that exposed itself as mass storage such as a digital picture frame or even a digital camera or potentially other devices that can connect to your PC via a USB connection. Most any type of storage device can end up being infected, and even digital picture frames and USB drives have been known to have shipped from the factory infected.
You need to take care if your system is infected and can't access the Internet. Many infections these days will infect flash drives. So if you download antivirus utilities or other programs from a clean system and transfer them to the infected system by USB drive, when you insert the USB drive into the infected system it can become infected, and the next time you plug the USB drive into the clean system, that system can become infected as well. You may not even know that your system is infected, and when you use a USB drive in multiple systems, you can infect every one of them simply by inserting the drive. That's why I recommend burning utilities to CD/DVD to transfer to an infected system and to not use a USB drive. This applies to both Windows XP and Windows Vista. In Windows 7, the AutoRun feature for USB drives has been eliminated (AutoPlay will still display AutoRun items on CDs and DVDs).
What can you do to make USB drives safer?
You need to prevent the automatic running of programs when you insert a USB/flash drive. You can either turn off the AutoRun and AutoPlay feature in Windows (for each system you might insert a USB drive into), or modify the USB drive so that programs on it won't be automatically run when inserted into a system.
Turn off AutoRun for USB devices:
That can be done for USB drives by installing a hotfix to Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008:
http://support.microsoft.com/kb/971029
Quote
This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.
This will prevent any program, malicious or a legitimate program, from running automatically when you insert a USB drive. To start any legitimate program, simply open Windows Explorer, navigate to the USB drive, and double-click on the program to manually run it.
Panda USB and Autorun Vaccine:
Another way to prevent the automatic running of programs is to run Panda USB and Autorun Vaccine. The program has two options, to either vaccinate a PC to disable AutoRun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute, or on individual USB drives to disable its autorun.inf file in order to prevent malware infections from spreading automatically.
Flash Disinfector:
Another method to prevent a USB drive from automatically running software is to download and run Flash Disinfector by sUBs from http://download.blee...Disinfector.exe. Run the program and follow the prompts, and you will be asked to insert your flash drive(s). Wait until it has finished scanning, and then then exit the program, and after scanning the last flash drive restart your computer. The program will create a hidden folder named "autorun.inf" in the root of each partition of every USB drive plugged in when you ran it. You should not remove the folder.
Further Reading:
snemelk's page
Increase in USB-Based Malware Attacks
National Cyber Alert System Using Caution with USB Drives
miekiemoes' Blog - Please disable Autorun asap!
Social Engineering Autoplay and Windows 7
MultiQuote