In association with heise online

22 December 2009, 14:11

Beware of Christmas presents with non-volatile memory

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

USB Computing While everyone likes Christmas presents, recipients are well advised to supplement their joy with a small measure of distrust if they receive USB flash drives, MP3 players or digital photo frames. This applies to home as well as business users. These devices may contain malware – whether this was intended by the sender or not.

Although applications on USB flash drives can normally only be started by the user, connecting any external flash memory device to a Windows PC can potentially lead to infection, for example when the product is a USB Smart Drive with Autoplay/Autorun. For protection it's best to generally disable Autoplay in Windows.

Misleading options displayed by the Autoplay function can trick users into inadvertently infecting their systems. Plugging in a Conficker infected USB drive results in a specially crafted icon appearing in the Autoplay dialogue which appears to be a folder; clicking on this folder icon activates the worm.

This trick no longer works in Windows 7 because Microsoft has completely removed the option for starting programs from the dialogue for writeable memory such as USB flash drives, memory cards and external hard disks. This change, however, does not apply to CDs and DVDs.

The Internet Storm Center recommends that users generally format any unsolicited mobile storage device they receive, even if it's marked "Joe's Bachelor Party Pictures" to arouse users' curiosity.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit