Protecting USB drives from autorun.inf malware

Filed under: TechNotes — lars @ 06:25:14 am

I stumbled upon a cool hack to help prevent USB drives from spreading malware by setting themselves up to auto-execute in Windows via the autorun.inf file.  This file can exist on CD/DVD-ROM and other removal media and generally specifies an executable that should be run when the drive is connected (for example, to launch an installer for an application) but can be abused by malware authors to execute their malicious payload.

This hack involves creating a directory called autorun.inf that cannot be deleted except by formatting the device (apparently).  This prevents anything else from creating an autorun.inf file.  Perhaps it won't stop all malware but it's probably not a bad set of steps to take:

  1. Open a command prompt and 'cd' to the root of your removal/USB device.
  2. Execute the following:
    mkdir autorun.inf
    cd autorun.inf
    mkdir .\con\

All done!  But this is no substitute for being careful with which machines you plug your devices into, regular virus scanning and good backups.

Comments

Leave a comment

Allowed XHTML tags: <p, ul, ol, li, dl, dt, dd, address, blockquote, ins, del, span, bdo, br, em, strong, dfn, code, samp, kdb, var, cite, abbr, acronym, q, sub, sup, tt, i, b, big, small>


Options:
(Line breaks become <br />)
(Set cookies for name, email & url)




powered by  b2evolution