Saturday, December 5, 2009

autorun.inf

Microsoft Windows reads the AUTORUN.INF file on removable media to decide which actions to perform when a new external storage device, such as a USB drive or CD/DVD, is inserted into the PC. AUTORUN.INF is a configuration file normally located in the root directory of the removable media. Among other things, it contains a reference to the icon shown for the drive or volume and a description of its content, and it can define a program to be executed automatically when the unit is mounted.

The problem is that malware uses this feature to spread, infecting a computer as soon as a USB drive is inserted into it. The malware copies a malicious executable to the drive and modifies the AUTORUN.INF file so that Windows silently opens the malicious file as soon as the drive is mounted. The most recent example is the Conficker worm, which spreads via USB drives in addition to spreading via the network.
