Thanks for the info, but most folks are already aware that be default, the AutoRun function is enabled for CDs, but disabled for removeable storage. A simply query on TechNet supports this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/Shell/programmersguide/shell_basics/shell_basics_extending/autorun/autoplay_reg.asp
Harlan --- [EMAIL PROTECTED] wrote: > Well, I don't have a USB storage dive handy at the > moment, but I grabbed > the closest CD I knew had an autorun.inf, the second > I open the drive in > Explorer, the open=setup.exe line excutes and I have > setup.exe > executing. Does seem to hard to get it to run > without user knowledge. > > > -----Original Message----- > > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > > Sent: Thursday, June 15, 2006 4:17 PM > > To: Greg Merideth; George Njoku > > Cc: Focus Microsoft > > Subject: Re: Controlling specific USB devices on > Windows XP > > > > > > > Given the recent social engineering test with > USB devices > > left around > > > a credit-unions lobby I would disagree. > > > > That "test" is suspect, as it doesn't provide > nearly enough > > information. By default, Windows does not parse > the "load=" > > or "run=" lines of an autorun.inf file from > removeable media. > > So, the question is, what about the "test" got > the users to > > run the Trojan on the USB devices? > > > > > > > > ------------------------------------------ > > Harlan Carvey, CISSP > > "Windows Forensics and Incident Recovery" > > http://www.windows-ir.com > > http://windowsir.blogspot.com > > ------------------------------------------ > > > > > -------------------------------------------------------------- > > ------------- > > > -------------------------------------------------------------- > > ------------- > > > > > ------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://windowsir.blogspot.com ------------------------------------------ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
