Unless the USB device emulates a cd-rom: http://www.udrw.com/en/tech/index.php
Another poster sent me this. It's someone try to perform the "hack" himself. See the second entry: http://hackaday.com/ I may not be well versed in this topic, but my logical assumption that if there was a way for windows to tell the the difference between a USB cd-rom and a USB removable storage device, there had to be a way to fool windows in to thinking a USB removable storage device was a cd-rom. So wondering if it had been found yet, lead me to try a simple google search that find the first url. > -----Original Message----- > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > Sent: Friday, June 16, 2006 10:15 AM > To: McClenon, Braden ([EMAIL PROTECTED]); Greg Merideth; > George Njoku > Cc: Focus Microsoft > Subject: RE: Controlling specific USB devices on Windows XP > > Thanks for the info, but most folks are already aware that be > default, the AutoRun function is enabled for CDs, but > disabled for removeable storage. A simply query on TechNet > supports this: > http://msdn.microsoft.com/library/default.asp?url=/library/en- > us/shellcc/platform/Shell/programmersguide/shell_basics/shell_ > basics_extending/autorun/autoplay_reg.asp > > Harlan > > --- [EMAIL PROTECTED] wrote: > > > Well, I don't have a USB storage dive handy at the moment, but I > > grabbed the closest CD I knew had an autorun.inf, the second I open > > the drive in Explorer, the open=setup.exe line excutes and I have > > setup.exe executing. Does seem to hard to get it to run > without user > > knowledge. > > > > > -----Original Message----- > > > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, June 15, 2006 4:17 PM > > > To: Greg Merideth; George Njoku > > > Cc: Focus Microsoft > > > Subject: Re: Controlling specific USB devices on > > Windows XP > > > > > > > > > > Given the recent social engineering test with > > USB devices > > > left around > > > > a credit-unions lobby I would disagree. > > > > > > That "test" is suspect, as it doesn't provide > > nearly enough > > > information. By default, Windows does not parse > > the "load=" > > > or "run=" lines of an autorun.inf file from > > removeable media. > > > So, the question is, what about the "test" got > > the users to > > > run the Trojan on the USB devices? > > > > > > > > > > > > ------------------------------------------ > > > Harlan Carvey, CISSP > > > "Windows Forensics and Incident Recovery" > > > http://www.windows-ir.com > > > http://windowsir.blogspot.com > > > ------------------------------------------ > > > > > > > > > -------------------------------------------------------------- > > > ------------- > > > > > > -------------------------------------------------------------- > > > ------------- > > > > > > > > > > > ------------------------------------------ > Harlan Carvey, CISSP > "Windows Forensics and Incident Recovery" > http://www.windows-ir.com > http://windowsir.blogspot.com > ------------------------------------------ > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
