Autorun Usb

A relatively new target on computer security are not computers as we think of them. USB devices like picture frames, MP3 players, and memory sticks were mentioned on IBM's 2008 computer security trends report (X-force).

AutoRun lets a device like a USB or CD turn itself on automatically (hence the name AutoRun on Windows or AutoStart on a Mac). It allows the computer to act like a musical CD player and for software to install easily with a CD. There was no more need to tell people to open the CD and click on install. But what else would be installed?

Remember the idea of refigs back just before the 2k bubble burst? We were told that even our refrigerators would be on the Internet. Unfortunately, people had rather defective crystal balls back then. However, while that didn't happen many other trivial appliances have been showing up on our PCs. Like when European settlers started showing up on the shores of the new land, their presence included viruses too.

Last Christmas I heard about an attack that intrigued me. People were buying picture frames, taking them home and loading them with viruses, and returning the frames within 30 days so they would be reboxed. Then when somebody bought it as a Christmas gift and a surprise waited the gift receiver. They would put the frame in their computer and WHAM! they were infected.

USB memory sticks (aka thumb drives) seem to be taking the place that floppy disks held for many years. They were a convenient way of transferring information from one computer to another.

Soon companies with big networks were banning the use of USB memory sticks. The concern was that if a memory stick contained viruses and could whatever was on the skick could automatically be played then just plugging a stick into the USB slot could transfer a virus onto the network or steal sensitive information like employee records or customers credit card numbers.

The two defenses against this happening was putting epoxy glue in the USB slots and disabling an Operating System service called AutoRun. Unfortunately :) we cannot blame Windows exclusively since it isn't the only Operating System to have AutoRun.

via : http://rdksoftware.com/node/81