News Display

Week overview

 

Beware of Christmas presents with non-volatile memory

(heise online, 22.12.2009 15:11) While USB flash drives and digital photo frames are popular presents, recipients are advised to treat them with distrust. These devices may already be loaded with malware

While everyone likes Christmas presents, recipients are well advised to supplement their joy with a small measure of distrust if they receive USB flash drives, MP3 players or digital photo frames. This applies to home as well as business users. These devices may contain malware whether this was intended by the sender or not.

Although applications on USB flash drives can normally only be started by the user, connecting any external flash memory device to a Windows PC can potentially lead to infection, for example when the product is a USB Smart Drive with Autoplay/Autorun. For protection it's best to generally disable Autoplay in Windows.

Misleading options displayed by the Autoplay function can trick users into inadvertently infecting their systems. Plugging in a Conficker infected USB drive results in a specially crafted icon appearing in the Autoplay dialogue which appears to be a folder; clicking on this folder icon activates the worm.

This trick no longer works in Windows 7 because Microsoft has completely removed the option for starting programs from the dialogue for writeable memory such as USB flash drives, memory cards and external hard disks. This change, however, does not apply to CDs and DVDs.

The Internet Storm Center recommends that users generally format any unsolicited mobile storage device they receive, even if it's marked "Joe's Bachelor Party Pictures" to arouse users' curiosity.

See also:

• Windows 7: Autorun offers no chance to worms , a report from The H.