USB/Flash Drive Safety

Posted 04 October 2009 - 10:22 AM

USB/Flash drives (also known as pen drives, thumb drives or key drives) are the new floppy disks of this generation. They are portable storage media used for many of the same purposes that floppy disks were: to transfer programs from one computer to another, to run programs from, to increase Windows performance by adding additional RAM (ReadyBoost in Windows Vista and Windows 7) and in some cases even to boot a system from.

They can even spread infections like floppy disks could, only faster. With a floppy, if you left a disk with a boot sector infection in the drive it would infect your system the next time you booted your system if it had been left in the drive, or once you ran an infected program. But with USB drives, as soon as you insert an infected USB drive into a clean system, it can immediately infect the system when the infected file is automatically run by a Windows feature - AutoRun from the autorun.inf file on the media. You don't have to run anything to infect the system, it's done automatically for you. They are such a threat that many businesses and the Department of Defense prohibit the use of USB devices and all other external media (to include floppy disks and CD Drives).

There is nothing malicious about the autorun.inf file itself; it simply lists programs that should be run when the media is inserted. That's the same feature that starts the install routine when you insert a new program CD. Autorun can start a program from the autorun.inf file from many media: USB/flash drives, CDs, DVDs, external hard disks, and any volume that exposes itself as mass storage, such as a digital picture frame or even a digital camera or potentially other devices that can connect to your PC via a USB connection. Most any type of storage device can end up being infected, and even digital picture frames and USB drives have been known to have shipped from the factory infected.

You need to take care if your system is infected and can't access the Internet. Many infections these days will infect flash drives. So if you download antivirus utilities or other programs from a clean system and transfer them to the infected system by USB drive, when you insert the USB drive into the infected system it can become infected, and the next time you plug the USB drive into the clean system, that system can become infected as well. You may not even know that your system is infected, and when you use a USB drive in multiple systems, you can infect every one of them simply by inserting the drive. That's why I recommend burning utilities to CD/DVD to transfer to an infected system and to not use a USB drive. This applies to both Windows XP and Windows Vista. In Windows 7, the AutoRun feature for USB drives has been eliminated (AutoPlay will still display AutoRun items on CDs and DVDs).

What can you do to make USB drives safer?

You need to prevent the automatic running of programs when you insert a USB/flash drive. You can either turn off the AutoRun and AutoPlay feature in Windows (for each system you might insert a USB drive into), or modify the USB drive so that programs on it won't be automatically run when inserted into a system.

Turn off AutoRun for USB devices:

That can be done for USB drives by installing a hotfix to Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008:

This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

This will prevent any program, malicious or a legitimate program, from running automatically when you insert a USB drive. To start any legitimate program, simply open Windows Explorer, navigate to the USB drive, and double-click on the program to manually run it.

Panda USB and Autorun Vaccine:

Another way to prevent the automatic running of programs is to run Panda USB and Autorun Vaccine. The program has two options, to either vaccinate a PC to disable AutoRun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute, or on individual USB drives to disable its autorun.inf file in order to prevent malware infections from spreading automatically.

Flash Disinfector:

Another method to prevent a USB drive from automatically running software is to download and run Flash Disinfector by sUBs from http://download.blee...Disinfector.exe. Run the program and follow the prompts, and you will be asked to insert your flash drive(s). Wait until it has finished scanning, and then exit the program, and after scanning the last flash drive restart your computer. The program will create a hidden folder named "autorun.inf" in the root of each partition of every USB drive plugged in when you ran it. You should not remove the folder.


USB-set by Loup Blanc is a program that will help users to configure their PC's Windows Autorun and AutoPlay functions in order to limit the risk of spreading infections by removable media between your PCs. You can read more about it in this topic:
USB-set 1.4 Prevention tool against USB infections

Further Reading:
snemelk's page
Increase in USB-Based Malware Attacks
National Cyber Alert System Using Caution with USB Drives
miekiemoes' Blog - Please disable Autorun asap!
Social Engineering Autoplay and Windows 7
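
An added example, not part of the original post and not code from any of the tools named in it: a short Python audit that inspects the root of a mounted volume and reports whether autorun.inf is absent, is a folder (the state Flash Disinfector is described as leaving behind), or is a file whose [autorun] section names a program to start. The function names, status labels and sample file contents are constructed for illustration, and the file is assumed to use a single-byte encoding.

```python
import os
import tempfile

EXEC_KEYS = ("open", "shellexecute")  # entries that name a program to launch

def parse_autorun(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value))
    return commands

def audit_drive_root(root):
    """Classify the autorun.inf entry at the root of a mounted volume."""
    # Match the name case-insensitively, as Windows would.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return "folder", []  # the name is occupied by a folder, not a file
    with open(path, "rb") as handle:
        text = handle.read().decode("latin-1")  # assumption: single-byte encoding
    commands = parse_autorun(text)
    return ("file-autoexec" if commands else "file-inert"), commands

def demo():
    """Audit three constructed volume roots built in a temporary directory."""
    sample = "[AutoRun]\r\nicon=setup.ico\r\nOpen=setup.exe /s\r\nshell\\explore\\command=tool.exe\r\n"
    with tempfile.TemporaryDirectory() as base:
        roots = {name: os.path.join(base, name) for name in ("clean", "vaccinated", "autoexec")}
        for root in roots.values():
            os.mkdir(root)
        os.mkdir(os.path.join(roots["vaccinated"], "autorun.inf"))
        with open(os.path.join(roots["autoexec"], "autorun.inf"), "w", newline="") as handle:
            handle.write(sample)  # constructed sample, not a real sample file
        return {name: audit_drive_root(root) for name, root in roots.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A "file-autoexec" result on a drive you did not prepare yourself is the case worth investigating before the drive is used on another system.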

Posted 22 February 2015 - 12:47 PM


That's why I recommend burning utilities to CD/DVD to transfer to an infected system

Thank you, Joker. Somewhere in the recent blur of my newbie reading I came across an instruction to load something from CD/DVD and thought it curious but not enough, apparently, to form a conscious question as to why not load from USB. That subconscious curiosity should have prompted me to add a note to my research list. You have prompted me to tweak my behavior a bit. Thanks. One question answered/ticked off... a few thousand (and growing) to go. Emptying an ocean with a teaspoon but how stimulating this all is!

