Thursday, August 26, 2010
USB drive as trojan horse
With a normal pen drive there is a danger only under Windows 2000. Since XP, the open= line in the autorun.inf file is no longer executed by Windows. But XP still executes it on CD-ROM drives! That is why these U3 flash drives present a fake CD-ROM drive on the pen drive, which launches the 'U3 launchpad' automatically. But the contents of that CD-ROM can easily be replaced with malware!
So, whenever you attach a foreign USB drive, hold down the Shift key to skip AutoRun. Or completely deactivate AutoRun by means of my tool AutoRunSettings.
Microsoft's TweakUI is buggy here. It completely ignores the default values, so once it has been used, AutoRun for unknown and network drives gets activated! But there are more dangerous mechanisms, see here:
In August 2008 Microsoft finally recognized that there is a security problem and offers updates which apply the AutoRun settings to manual actions too, see here: http://support.microsoft.com/kb/953252
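To check whether AutoRun is really deactivated, the Windows policy value NoDriveTypeAutoRun can be decoded bit by bit. The following is an added example, not code from this post or from AutoRunSettings. It assumes the XP default of 0x91 when the value is absent, the sample values are constructed, and the function names are hypothetical.

```python
# Added example: audit the NoDriveTypeAutoRun bitmask.
# A SET bit DISABLES AutoRun for that drive type.
KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
XP_DEFAULT = 0x91    # assumption: used when no value is set
DISABLE_ALL = 0xFF   # AutoRun off for every drive type
RISKY = {"removable", "CD-ROM"}  # pen drive and fake CD-ROM from the post

def read_policy(hive_name):
    """Read the value on Windows; hive_name is e.g. 'HKEY_LOCAL_MACHINE'."""
    import winreg  # Windows only, so imported lazily
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), KEY) as k:
            return winreg.QueryValueEx(k, "NoDriveTypeAutoRun")[0]
    except OSError:
        return None  # key or value not present

def effective_mask(hklm=None, hkcu=None, default=XP_DEFAULT):
    """The machine-wide value wins over the per-user value."""
    if hklm is not None:
        return hklm & 0xFF
    if hkcu is not None:
        return hkcu & 0xFF
    return default

def audit(hklm=None, hkcu=None):
    mask = effective_mask(hklm, hkcu)
    enabled = [n for bit, n in DRIVE_BITS.items() if not mask & bit]
    return {
        "mask": mask,
        "enabled": enabled,                              # AutoRun still active
        "exposed": sorted(RISKY.intersection(enabled)),  # types from the post
        "fully_disabled": mask == DISABLE_ALL,
    }

if __name__ == "__main__":
    # Constructed samples: nothing set, per-user 0xB5, machine-wide 0xFF
    for hklm, hkcu in [(None, None), (None, 0xB5), (0xFF, 0x91)]:
        print(hklm, hkcu, audit(hklm, hkcu))
```

On a Windows machine, pass `read_policy("HKEY_LOCAL_MACHINE")` and `read_policy("HKEY_CURRENT_USER")` to `audit()` instead of the constructed samples.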