With all of the news about hackers, virus writers, etc., using USB drives, or thumb drives, to install malicious code on unsuspecting users' machines, I thought I would post a quick and easy way for anyone to disable the autorun, or autoplay, feature on computers that have USB ports. This is a good idea not only because it saves you from seeing the same old screens all the time, but also because it blocks programs, malware, etc. from being installed automatically on your computer. IntelliAdmin has a great little program that you can run to turn it off or back on if needed: USB Drive Disabler – enable or disable USB drives on your Windows 2000, 2003, or XP systems. Or you can use USB Remote Drive Disabler – same capabilities as USB Drive Disabler, only you can do it across your LAN.
If you don’t want to download and run a free utility, here is a page that tells you step by step how to do it on your machine, How to disable Autoplay, but this method disables autoplay on both your CD-ROM drives and USB drives. This method would have the benefit of blocking some CDs from installing DRM, as in the Sony fiasco, but it would also stop music CDs or installation programs from playing automatically.
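On Windows the autorun setting is held per drive type in the NoDriveTypeAutoRun policy value, so you can check what a machine currently allows before changing anything. The PowerShell below is an added example, not taken from the linked how-to or from IntelliAdmin; the function names are made up for illustration, and it assumes PowerShell 3 or later and, for the set step, an elevated prompt.

```powershell
# Added example: audit and set the per-drive-type autorun policy value.
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'

# A set bit DISABLES autorun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown type'    = 0x01
    'Removable (USB)' = 0x04
    'Fixed disk'      = 0x08
    'Network drive'   = 0x10
    'CD-ROM'          = 0x20
    'RAM disk'        = 0x40
    'Future types'    = 0x80
}

function Get-AutoRunState {
    param([Parameter(Mandatory)][ValidateSet('HKLM','HKCU')][string]$Hive)
    $key  = "${Hive}:\$PolicyPath"
    $prop = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "${Hive}: $ValueName not set, the Windows default applies"
        return
    }
    # Older systems store the value as REG_BINARY; the flags are in the low byte.
    $raw  = $prop.$ValueName
    $mask = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw -band 0xFF }
    Write-Output ('{0}: {1} = 0x{2:X2}' -f $Hive, $ValueName, $mask)
    foreach ($type in $DriveTypeBits.Keys) {
        $state = if ($mask -band $DriveTypeBits[$type]) { 'disabled' } else { 'ENABLED' }
        Write-Output ('    {0,-16} autorun {1}' -f $type, $state)
    }
}

function Set-AutoRunDisabled {
    # Default 0xFF disables autorun on every drive type; 0x24 would cover
    # only removable (USB) and CD-ROM drives.
    param([ValidateRange(0, 255)][int]$Mask = 0xFF)
    $key = "HKLM:\$PolicyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $ValueName -Value $Mask -Type DWord
}

# Report the machine-wide and per-user settings.
Get-AutoRunState -Hive HKLM
Get-AutoRunState -Hive HKCU
# Set-AutoRunDisabled          # uncomment to apply; needs administrator rights
```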
As an example of what can happen when you allow autoplay to run on USB drives, there is a new worm making the rounds that uses a method of infection that was last seen in the early 1990s, ah, the good old days. The only difference is that this worm uses the USB drive and not a floppy drive. Sophos has decided to call it the SillyFD-AA worm, and once it is on a USB drive it bypasses network security and runs when the drive is plugged in.
“With USB keys becoming so cheap, they are increasingly being given away at tradeshows and in direct mailshots,” said Sophos’s security guru, Graham Cluley. “With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.”
“In this example, changing the title of the Internet Explorer browser indicates that this particular variant of the worm has not been written with completely clandestine intentions. A savvier internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue,” he said.
In recent times, USB drives have become corporate enemy number one. They can be used to steal data without attracting attention, to host malware of various sorts, and ruin the best-laid but unsuspecting compliance regimes. Source: Retro worm sniffs out USB drives
So if the title in your copy of Internet Explorer says Hacked by 1BYTE, you have been infected. At least they are nice enough to tell us they have done it; the next guys will not be so accommodating.
There have been many other stories involving thumb drives lately, like Hackers Using USB Drives to Spread Banking Malware, where they left USB drives in a London car park in hopes that users would carry them home and insert them into a USB port, infecting their computers with malware created to steal login IDs and passwords for the users' online banks. Or this one, Social Engineering, the USB Way, where a security company was testing bank employees and left thumb drives in the smoking areas, outside the bank, etc.; 75% of them got inserted into a machine and were sending back info to the security team, which they could use to compromise additional systems.
Boy, if this isn’t a good idea for some hackers to implement, then I don’t know what is. They have left USB drives in a London car park in hopes that users will carry them home and insert them into a USB port, infecting their computers with malware created to steal login IDs and passwords for the users’ online banks.
Banking Trojans are written for profit and sold through Russian language websites and elsewhere for between $2,000 and $5,000. Two of the main groups of Trojan malware authors – Corpse and SE-Code – are based in Russia and “market” the Haxdoor and Apophis strains of banking Trojans. An unknown Russian speaking virus writer group is behind Torpig, another banking Trojan family. Malicious code variants of the Bancos Trojan are sold by an unnamed group in Brazil. Source: Hackers debut malware loaded USB ruse
A commenter suggested checking out this webpage from Dark Reading, Social Engineering, the USB Way, in which a bank asked them to try to social engineer their way onto the bank's network to test its employees. The employees even knew they were going to be tested. The gentleman from Secure Network Technologies Inc. created a program that collected user IDs and passwords, loaded it onto USB drives, left them in the parking lot, smoking areas and other places that employees went, and waited to see what happened. They almost immediately started receiving data, as 15 of the 20 USB drives were found and inserted into users' computers.
This may prove hard to beat, as people finding a USB drive will want to plug it into their computers to see what is on it. Very interesting.