The latest trick from malware (define) writers is a retro form of virus propagation. For some time now, e-mail has been the standard form of delivery and spreading of malicious code by getting users to click on malicious links. But in the pre-Internet days, viruses typically spread from one computer to another via the floppy disks people used to share data and applications.
That old method is coming back, with a modern twist. Now the bad guys are targeting USB storage devices, most notably USB thumb drives, by taking advantage of the nature of the drive and a major weakness in Windows.
USB drive problems with XP [Archive] - Defcon Forums::
Jul 5, 2004 When you do not follow this model (Control dictates . assigned device as well as the new drive which has been assigned a default key and
http://forum.defcon.org/archive/index.php/t-3994.htmlHOME |
When a removable media like a thumb drive or CD-ROM are placed in a computer's USB port or optical drive, respectively, a program can be automatically executed through the autorun.inf file. Windows' AutoRun facility is programmed to seek this file and execute whatever instructions are in it.
In the case of an application install CD, the installer starts up the installation process. In the case of INF/Autorun, it installs malware on the user's system, such as a Trojan, rootkit (define) or keystroke logger.
INF/Autorun first appeared on the monthly threat report from ESET Software, developer of the NOD32 antivirus program, in June of 2007, accounting for 2.17 percent of all malware encountered by the company and its customers that month.
By last month, just nine months later, it now accounts for 10.3 percent of detections, making it the most prevalent form of malware the company saw all month. Why did it become so popular? Because it works so well, said Randy Abrams, director of technical education at ESET.
aTV Update Gives AppleTV FTP and USB Drive Support | 43 Folders::
Is it imperative that you use a USB flash drive of 1 GB in size or less? .. and has been lovingly skinned for Drupal by the code ninjas at RoopleTheme.
http://www.43folders.com/2008/07/25/atv-updateHOME |
"AutoRun is the biggest Microsoft security hole right now," he said. "The stuff in e-mail and links exploit user ignorance. Autorun prevents an educated user from having much of a chance."
USB Password Protect Software - Password Protect Your USB Drive::
The Password Protection Software has been designed with ease of use in mind and comes with a built-in tutorial to guide the most novice of USB Flash Drive
http://www.securestix.co.uk/usb_password_protect_software.phpHOME |
Cool Solutions: Manually Mounting a USB Flash Drive in Linux::
Feb 16, 2005 Now your /etc/fstab file has been altered, and you're ready to mount your flash drive. to do so, simply enter the following commands:
http://www.novell.com/coolsolutions/feature/11637.htmlHOME |
While it is possible to shut off AutoRun, iTunes prompts the user to turn it on, so music CDs automatically play when placed in the CD-ROM drive. Users don't even think about the consequences and say yes.
But Abrams claims leaving AutoRun active dramatically lowers security. "It would not be at all unreasonable to call iTunes a potentially dangerous application," he said, because of the way iTunes tries to get users to turn on AutoRun without disclosing what Abrams called "the very real, extensive, and well known dangers."
Abrams advice? Shut off AutoRun on your computer and leave it off despite iTunes' prompting. "That helps a whole bunch. Microsoft should have done this a long time ago. Even Microsoft's own security experts say so," said Abrams.
Other security dangers of note
Some of the other pests of note in ESET's March 2008 report: Win32/Adware.Virtumonde continues to be a major nuisance by burying its hooks so deeply into a computer it becomes impossible to remove. Virtumonde isn't malicious but it is annoying. It bombards the user with pop up advertisements. Because of the way it installs itself, removal is quite a task.
ESET has also noticed the emergence of Mebroot, a rootkit that uses classic boot sector virus techniques. It moves the Master Boot Record to another sector and copies its own code to sector 0, where the MBR is supposed to be. It then patches ntoskrnl.exe and maintains persistence by storing its data in disk sectors rather than in files, while making no registry changes. Viruses are often caught because they make entries into the Windows registry. This makes Mebroot tough to detect and eradicate.
 AMD Acquires ATI, Plans New Kinds of Processors
 EMC Kicks NetApp's NAS
|
HOME
PRINT
Add to favorites