Shouldn't turning off autoplay prevent this spreading (not it becoming infected 
of course)?

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Wednesday, January 28, 2009 5:25 PM
To: NT System Admin Issues
Subject: Malware and USB flash drives (was: Bookmark management programs)

On Wed, Jan 28, 2009 at 9:13 AM, Hart, Robert
<[email protected]> wrote:
> To go even further load Firefox portable on a USB stick and foxmarks and
> then you don't even have to worry about it if you are at some random
> location.

  Use extreme caution when carrying software around on a USB flash
drive (or other writable, removable media).  There's a lot of
malicious software out there these days that's using them to
propagate.  So you mount the drive in a compromised computer, and the
drive becomes compromised.  Now every other unprotected computer you
mount the drive in will also become compromised.

  It's like floppy disk borne viruses from the 1980s all over again.

  Propagation methods could include AUTORUN.INF (so the malware
executes as soon as you mount the drive) and traditional virus
(modification of nominally trustworthy executable).  I know the first
has been publicly reported.

  USB flash drives with a hardware write-protect switch can be used to
prevent the drive from becoming compromised.  However, many people
want their drive to be writable for data updates, so this is a
loss-of-functionality issue.

  Even a read-only drive will not protect you from an already
compromised host computer.  For example, if you mount a USB flash
drive with Firefox on a public computer that's been compromised with a
keystroke logger, and then log-in to your corporate web mail, you've
now given away your corporate password.  (Or your personal bank
account credentials; you get the idea.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

