+5 votes
151 views
by (40.6k points)

Virus and promiscuity. Floppy to USB


1 Answer

+3 votes
by (40.6k points)

In the late 80s boot sector viruses began to become popular; their distinguishing trait was that they spread via floppy disks. If you inserted a floppy disk into an infected computer, the virus copied itself to the diskette, which in turn could infect any computer where it was used. Today we are living through a plague of the same dog with a different collar, at least functionally. With floppies obsolete, USB sticks have taken over as carriers of a new generation of malware that exploits the "promiscuity" with which we use the device.

What is the device you use most on third-party computers? For many it will be the USB stick, which, being so handy, we do not hesitate to plug into any computer: to exchange documents, to show the latest pictures, to bring work home, to make a copy of that program, for a presentation, to pass around some MP3s ...

So much going in and out between computers has not gone unnoticed by malware creators, who have seen in this device the ideal transport for their bugs to jump from one computer to another. At a time when virtually every computer has an Internet connection, and therefore physical distances are virtually nonexistent, this new trend takes us back to the infections of the early 90s, based on proximity and the sharing of storage devices.

One of the most representative families of this new epidemic is the one antivirus products call "AutoRun", with the prefix "Win32" and/or "Worm". As a concrete figure, VirusTotal has received 7,742 different variants of this family (by MD5) so far this May alone.

The design of these specimens, which should be classified as "worms" rather than "viruses" since they reproduce copies of themselves but cannot infect other files, is really simple. All the logic is based on leveraging the Windows AutoRun feature, which automatically interprets and executes the autorun.inf file if it is found in the root of removable media such as CDs, DVDs or other media, including USB.

Malware authors are taking advantage of this default Windows Explorer functionality. Simply inserting a USB stick into a system is enough for autorun.inf to be executed automatically, and it is typically designed to launch, in turn, an executable with the worm code. The worm installs itself on the system and tries to copy a pair of files, autorun.inf and the worm executable, to all existing drives. This indiscriminate spread covers hard drives, network drives, removable media, etc., so these worms can be found beyond USB sticks themselves.

The good news is that there are ways to try to mitigate these worms by configuring Windows to prevent automatic AutoRun, for example through the NoDriveTypeAutoRun registry entry. However, it has been found that configuring this value is not enough in Windows Vista to prevent execution, because of AutoPlay, another default functionality.

Another, more effective method is "tweaking" Windows to ignore the autorun.inf file, telling it that instead of interpreting the commands inside it should use alternative values, specifically non-existent ones. That way Windows will not execute anything.

To do this you must configure an entry in the Windows registry.

The simplest way is to copy the following lines into Notepad and save them with a .REG extension, for example: noautorun.reg.

Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


Then double-click the noautorun.reg file; Windows will ask whether you are sure you want to add this information to the registry. Choose Yes.

Remember that this change also prevents legitimate autorun.inf files from running, for example those that automatically run a program when a CD or DVD is inserted. In those cases we will need to double-click to run the program. Still, we believe this "little trouble" is worth it to avoid infection of our systems.
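
Added example, not part of the original answer: a small Python audit that reads an autorun.inf and lists the entries that would make Windows launch a program, which is the behaviour the answer describes. The key names (`open`, `shellexecute`, `shell\<verb>\command`) are standard autorun.inf entries that the answer does not name, and the sample file content is constructed.

```python
import os
import re

# Entries in the [autorun] section that make Windows launch a program
# (assumption: standard autorun.inf keys, not listed in the answer above).
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not taken from a real worm.
SAMPLE = r"""; constructed sample
[AutoRun]
junk line without an equals sign
Open = setup.exe
icon=folder.ico
shell\explore\command=setup.exe /e
[other]
open=ignored.exe
"""

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate junk lines instead of rejecting the file
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return found

def audit_roots(roots):
    """Map each autorun.inf found in the given drive roots to what it would launch."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        try:
            with open(path, encoding="latin-1") as fh:  # latin-1 decodes any byte
                report[path] = autorun_commands(fh.read())
        except OSError:
            continue  # no autorun.inf here, or the drive is not readable
    return report

if __name__ == "__main__":
    print(autorun_commands(SAMPLE))
```

Pass `audit_roots` the roots of the drives to inspect, for example `["E:\\", "F:\\"]`; an autorun.inf that appears on a data-only stick with a launch entry is worth investigating.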

