Thu, Nov 20 2008 16:49
Don
Malicious Code Spreading Through USB Flash Drive Devices
US-CERT is aware of public reports of an increase in malicious code propagating via USB flash drive devices. Currently, there are two popular methods by which USB flash drives are being infected with malicious code. Please note that these are not the only two methods available.
The first of these methods is referred to as simple file copy. This means that the malicious code initially resides on an infected computer and copies itself to all the storage devices connected to the affected computer. This method requires the user to access the USB flash drive and execute the malicious code.
The second method is referred to as AutoRun.inf modification. This means that the malicious code alters or creates an autorun.inf file on targeted storage devices connected to the affected computer. When an infected USB flash drive is connected to another computer, the malicious code can be automatically executed with no additional user interaction.
US-CERT encourages users to do the following to help mitigate the risks:
Install antivirus software and keep the virus signatures up to date.
Do not connect an unknown or untrusted USB drive to your computer.
Disable AutoRun or AutoPlay features for removable media.
Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting your USB flash drive.
Review The Dangers of Windows AutoRun Vulnerability Analysis Blog entry for more information regarding AutoRun.
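To support the advice above, the following added example (not part of the US-CERT alert) inspects the autorun.inf in the root of a mounted drive and lists the entries that would launch a program, so the drive can be reviewed before AutoRun ever acts on it. The function names and the sample file are constructed for illustration; the keys checked (open, shellexecute, shell\verb\command) are standard autorun.inf entries.

```python
import os
import re
import sys

# [autorun] keys that name a program to launch (standard autorun.inf entries).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command

# Constructed sample for illustration; not taken from a real device.
SAMPLE = r"""
; padding comment
[AutoRun]
icon=folder.ico
open=setup.exe /quiet
shell\open\command=setup.exe
shell\explore\Command = setup.exe
line with no delimiter
[Content]
open=ignored.exe
"""

def audit_autorun(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section and key names are matched case-insensitively.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections and junk lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key.lower()):
            findings.append((key.lower(), value))
    return findings

def scan_root(root):
    """Audit autorun.inf in a drive root; None means no such file."""
    for entry in os.scandir(root):
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            with open(entry.path, "rb") as fh:
                data = fh.read()
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return audit_autorun(data.decode(enc, errors="replace"))
    return None

if __name__ == "__main__":
    print(scan_root(sys.argv[1]) if len(sys.argv) > 1 else audit_autorun(SAMPLE))
```

An empty list means an autorun.inf exists but names nothing to run; any returned pair is a command worth checking against the files actually present on the drive.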
http://www.us-cert.gov/current/index.html#malicious_code_spreading_through_usb