USB infections spread

Johannesburg, 08 Sept 2009

In the past, security companies warned users of how floppy disks were the main channel of infection between computers. While floppy disk technology has evolved into USB drives, CDs and DVDs, the security threat associated with these devices has remained constant.

This is according to Panda Security, discussing new infection channels in the world of computing security. “As was the case with floppy disks, malware that takes advantage of USB drives has begun to create massive infections, spreading rapidly and slipping past security programs,' states the company.

Panda explains the way in which malware is spread through USB devices by noting that most PCs use a Windows operating system. In 1995, Microsoft included the Autorun feature in Windows 95 and subsequent operating systems.

“Windows uses the Autorun.inf file on these drives or devices to know which action to take when they are connected to the computer. This file, which is on the root directory of the device, offers the option to define a program to automatically run part of the content stored on the device when it connects to the computer,” explains Jeremy Matthews, head of Panda's sub-Saharan operations.

Consequently, states the company, there are several ways of invoking an executable in the Autorun file of the external devices without the user's knowledge. The Autorun feature can therefore be used by some specific malware strains to infect external devices.

In order to do so, the executable is copied to the device and the Autorun.inf file is modified, says Matthews. This way, every time a USB device is connected to another computer, Windows silently runs the malicious file without users noticing they have been infected.

In dealing with the threat, the company explains that in the past, an entry was included in the Windows registry to disable the Autorun feature on specific computers. This prevented malware from infecting computers through a USB device, but not users who run it directly.

“These solutions can protect some systems, but external storage devices continue to infect unprotected computers,” states Panda.