| "I would have loved to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, then unknowingly running our piece of software." I suspect it wasn't autorun, this time, based on the last part of that sentence from the article's author. If autorun was used, then the malware probably, *probably*, would started immediately and there wouldn't be a need for the victims to "then unknowingly". Also, the following is from Microsoft's Web site. I wonder how many people are going to go through the trouble. Chuck The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application. The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request. On Jun 9, 2006, at 4:48 PM, K.S. Bhaskar wrote:
|
_______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members
