Over recent months, we've spent a lot of time with people who work with USB drives. In normal day-to-day use the drives are inserted into all manner of computers and machines to collect or deliver data, pictures, spreadsheets - all kinds of content. A disturbing trend among malware writers is becoming ever more prevalent: using removable media as the infection vector. In the majority of cases, users won't even know they are becoming infected, or that they're sharing the infection the next time they insert their drive into someone's machine.
What is malware? In case you've been living a quiet and non-tech existence, I'll explain it for you. In a nutshell, it's malicious software. Usually it will either act as a key logger (i.e. copy your keystrokes and send them home to the maker of the malware - think 'bank account' or 'e-mail account') or open a backdoor so that the malware's maker can take control of your machine for whatever purpose they desire - and that could get very, very nasty indeed. Result? Not good for you.
What's even more disturbing is that infection via a removable drive is only one of the infection vectors. The main channel is of course via network connections. Therefore, when one machine is infected, the malware will most likely propagate across the entire network in a business or a household. Feeling uncomfortable now?
Obviously, the vast majority of these nasties are for Windows based systems. That includes Windows XP, Windows 2000, Vista and even the new Windows 7. There are some other kinds out there which target other platforms, but they are reasonably rare and chances are they are only relevant if you use one of those other operating systems.
The most usual solution to this problem is to run anti-virus software. We won't endorse a specific brand or type, but there are many good quality products available for purchase and some excellent freeware ones. Most of the quality ones will detect either the presence of the malware when the USB drive is inserted or the attempted infection by the malware. In a perfect world, every IT department or system administrator would have some form of antivirus solution in use on each workstation and within their network, as well as other backend solutions at or before the gateway to the internet. Sadly, that's just not the case.
Here are some simple solutions that you can use to prevent becoming infected or to remove an infection:
- Create a dummy autorun.inf on the removable device (it can be an empty file) and set its attributes to System and Read Only.
Most of this type of malware will attempt to write an autorun.inf to the drive so that the malware installs on the next host the drive is connected to. A dummy autorun.inf with the System and Read Only attributes set will deny a large percentage of these bad boys the chance to install to the drive in the first place.
- Use Microsoft's free TweakUI PowerToy (or similar) to disallow autorun files from running except on your CD or DVD drives.
This prohibits the autorun.inf file being run when the USB drive is inserted. No running autorun.inf? No propagation of the infection. Simple and elegant.
- Get antivirus software on your machine
If you Google for 'free antivirus software' you will feel rather spoiled for choice. The biggest companies have trial versions which are fully functional available for download. Some of the smaller companies have free versions for home use and for students. There are some completely free ones about, but I have reservations about how often their fingerprint file / brainfile (the data which most antivirus software uses to detect the presence of malicious software) is updated.
- Try some extra applications
There are some other great applications around which help with this kind of problem. In usual circumstances, they're not necessary. However, if you want to elevate your level of protection, it's worth having a look at:
- USB Firewall
- Flash Disinfector
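
To check whether a drive still carries the dummy autorun.inf described in the first tip, or whether something has replaced it with one that launches a program, the following added example (not part of the original article) classifies the file. The function names and the sample content are assumptions made for illustration; the attribute check only works on Windows, where you would call `audit_drive` with the drive's root, for example `audit_drive("E:\\")`.

```python
import os

READONLY, SYSTEM = 0x1, 0x4  # Windows FILE_ATTRIBUTE_READONLY / _SYSTEM bits
LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

# Constructed sample of an autorun.inf that launches a file from the drive.
SAMPLE = "[AutoRun]\nopen=setup.exe\nicon=drive.ico\nshell\\explore\\command=setup.exe\n"

def launch_entries(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a program.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def classify(text, read_only, system):
    """Classify autorun.inf from its content and its two attribute flags."""
    entries = launch_entries(text)
    if entries:
        return "suspicious", entries   # something on the drive wants to run
    if text.strip() == "" and read_only and system:
        return "dummy", []             # the empty, locked placeholder
    return "unprotected", []           # present, but not the locked dummy

def audit_drive(root):
    """Audit <root>/autorun.inf; attribute bits are only reported on Windows."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return "missing", []
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    return classify(text, bool(attrs & READONLY), bool(attrs & SYSTEM))
```

A result of "missing" or "unprotected" means the drive has no locked placeholder in place, and "suspicious" lists the entries that would run if autorun were allowed on the host.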
Red Circle Media does not use Windows machines in our production or testing environment. Incidentally, we don't use those in the office environment either! There is no potential way for an infection to occur in pre-production, production or our manufacturing environment. As part of our security measures, all of the hardware used in these areas is isolated from external networks. Additionally, client supplied masters for duplication are pre-tested on a machine that is isolated from all internal and external networks - we check to make sure that your content creator hasn't somehow added an infection payload to your product.
We have some additional services which we can add to your project for a fee to further enhance your USB product and its safe use. Ask your Red Circle Media contact about this option.