Block the USB Autorun Feature and Prevent Future Problems

With all of the news about hackers, virus writers, etc., using USB drives, or thumb drives, to install malicious code on unsuspecting users' machines, I thought I would post a quick and easy way for anyone to disable the autorun, or autoplay, feature on computers that have USB ports. This is a good idea not only in that it can save you from seeing the same old screens all the time; it will also block programs, malware, etc., from being installed on your computer automatically. IntelliAdmin has a great little program that you can run to turn it off or back on if needed: USB Drive Disabler, which enables or disables USB drives on your Windows 2000, 2003, or XP systems. Or you can use USB Remote Drive Disabler, which has the same capabilities as USB Drive Disabler, only you can do it across your LAN.

If you don’t want to download and run a free utility, here is a page that tells you step by step how to do it on your machine: How to disable Autoplay. This method disables autoplay on both your CD-ROM drives and USB drives. That has the benefit of blocking some CDs from installing DRM, as in the Sony fiasco, but music CDs or installation programs would no longer play automatically.
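The CD-ROM versus USB trade-off above comes down to which drive types the policy covers. The following is an added example, not code from this post or the linked page: it assumes the setting is the Windows `NoDriveTypeAutoRun` registry value (which the post does not name), and the mask `0x91` is a constructed sample.

```python
"""Decode the NoDriveTypeAutoRun policy bitmask (a set bit = AutoRun disabled)."""
import sys

# Bit meanings for NoDriveTypeAutoRun, one bit per Windows drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",   # most USB thumb drives
    0x08: "fixed",       # some USB hard disks report as fixed
    0x10: "network",
    0x20: "cdrom",       # also USB sticks that emulate a CD-ROM
    0x40: "ramdisk",
    0x80: "reserved",
}
BY_NAME = {name: bit for bit, name in DRIVE_BITS.items()}
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def effective(hklm, hkcu):
    """A machine-wide (HKLM) value takes precedence over the per-user (HKCU) one."""
    return hklm if hklm is not None else hkcu

def autorun_enabled(mask):
    """Return the drive types that still AutoRun under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def harden(mask, *types):
    """Return the mask with AutoRun additionally disabled for the named types."""
    for t in types:
        mask |= BY_NAME[t]
    return mask

def read_policy(hive_name):
    """Read the live value on Windows; None on other systems or when unset."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
    except OSError:
        return None
    return int.from_bytes(value, "little") if isinstance(value, bytes) else value

if __name__ == "__main__":
    current = effective(read_policy("HKEY_LOCAL_MACHINE"), read_policy("HKEY_CURRENT_USER"))
    sample = 0x91 if current is None else current  # constructed sample if no policy found
    print("AutoRun still enabled for:", autorun_enabled(sample))
    print("USB only   -> 0x%02X" % harden(sample, "removable"))
    print("USB and CD -> 0x%02X" % harden(sample, "removable", "cdrom"))
```

Setting only the removable bit keeps music CDs and installers auto-playing, but leaves USB devices that present themselves as CD-ROM or fixed disks covered only if those bits are set too.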

As an example of what can happen when you allow autoplay to run on USB drives, there is a new worm making the rounds that uses a method of infection last seen in the early 1990s (ah, the good old days). The only difference is that this worm uses the USB drive and not a floppy drive. Sophos has decided to call it the SillyFD-AA worm, and once it is on a USB drive it bypasses network security and runs when the drive is plugged in.

“With USB keys becoming so cheap, they are increasingly being given away at tradeshows and in direct mailshots,” said Sophos’s security guru, Graham Cluley. “With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.”

“In this example, changing the title of the Internet Explorer browser indicates that this particular variant of the worm has not been written with completely clandestine intentions. A savvier internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue,” he said.

In recent times, USB drives have become corporate enemy number one. They can be used to steal data without attracting attention, to host malware of various sorts, and ruin the best-laid but unsuspecting compliance regimes. Source: Retro worm sniffs out USB drives

So if the title in your copy of Internet Explorer says “Hacked by 1BYTE”, you have been infected. At least they are nice enough to tell us they have done it; the next guys will not be so accommodating.

There have been many other stories involving thumb drives lately. In Hackers Using USB Drives to Spread Banking Malware, attackers left USB drives in a London car park in hopes that users would carry them home and insert them into a USB port, infecting their computers with malware created to steal login IDs and passwords for the users' online banks. In Social Engineering, the USB Way, a security company testing bank employees left thumb drives in the smoking areas, outside the bank, etc.; 75% of them got inserted into a machine and sent back info to the security team, which they could use to compromise additional systems.