If a picture is worth a thousand words, then a live demo is worth many pictures. The autorun.inf file is an optional part of Autoplay. The concept is elegant in its simplicity.Īnd, this is separate and distinct from the Autoplay feature of Windows. Nick Brown’s registry update simply tells Windows not to process any autorun.inf files. On top of this, bad guys can also modify the displayed volume label and icon for an external USB device, to try and entice a user into falling for one of the above tricks.Īll the maliciousness is centered in a single file called autorun.inf. Malware can either add a new entry to the context menu or redefine the meaning of one the normal entries. Run via a modification to the context menu (the pop-up menu displayed when you right click on a drive letter).Run when the user double-clicks on the drive letter in My Computer (or Computer).Run via the Autoplay pop-up window by adding an entry to the list of options and making this malicious entry appear to be something that it is not.This is typically allowed only on CDs and DVDs, however, other external USB devices can appear to Windows as CDs and thus cause software to, literally, run automatically. There are four ways that malicious software on a USB flash drive (thumb drive, pen drive, memory stick, etc.) can execute and infect a Windows computer: The language used insures mis-understandings about autorun/autoplay. Part of the problem in understanding autorun/autoplay is that there are five aspects to it, yet we have only two words: autorun and autoplay. In particular, the Taterf worm, which spreads by exploiting autorun, was detected by Microsoft on 4.91 million Windows computers.Īnd, despite the plethora of articles on how Microsoft is making this all better, my latest PC, a netbook running Windows XP SP3, was vulnerable to autorun hacking even with all the latest patches installed. The good way is from two people no one knows (myself included) – Nick Brown and Emin Atac.Ī recent article about autorun security problems in the Washington Post is chock full of statistics on how bad the problem remains. There is, in a nutshell, a good way and a bad way. There is a frequently written about way and one that is often overlooked. There is an easily understood way and one that no one fully grasps. There is a consistent way and one whose design has changed over time. There is a foolproof way and one that has needed multiple patches. There is an all-encompassing way and one whose design has holes in it. There is a consistent way and one that varies depending on the version of Windows. What many Windows users don’t know is that there are two different approaches to disabling autorun/autoplay. For years now bad guys have been exploiting this to automatically infect PCs with malicious software.Įveryone knows this. I’m speaking of autorun/autoplay, a feature in Windows that lets programs run automatically when a CD or USB flash drive is inserted into a PC. Way back when, Microsoft opted for convenience over security and Windows users have been sitting ducks ever since.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |