Wednesday, March 4, 2009
USB Pen Drives - a growing carrier of viruses
USB pen drives are the floppy disks of the new millennium. A 4GB pen drive costs Rs. 600. Everyone uses them - carrying data from home to work, exchanging digital photos, taking documents to print shops and even for backups. However, USB pen drives have become the carrier of choice for viruses and worms.
You've returned from a vacation and want to print your digital photos. You take your photos on a pen drive and to the photo shop. The operator plugs in your device, copies the photos on the shop's computer and returns the device. Publicly used computers, like those in photo or print shops or cybercafes are rife with "cyber diseases". As you return home, a worm is riding along on your pen drive. Plugging in the pen drive on your computer gives the worm a new home. Your computer has now become another source of infection for other pen drives plugged into it. I shall refrain from making any real-life analogies here.
How do worms travel on pen drives? The answer lies in Windows' AutoPlay mechanism. Whenever you insert a CD or a pen drive in your computer, Windows displays a default pop up to choose if you want to open the folder, run a slideshow, play music, etc. Developers can create customized launch programs by creating a special "Autorun.inf" file. Whenever you insert a storage device, Windows automatically looks for the presence of Autorun.inf and on finding one, executes the programs listed in it. This "feature" is a blessing for worms. An infected computer will create an Autorun.inf file on every device it encounters and copy the worm program on it. The worms disguise themselves as folders, with the same yellow folder icons. If Autorun.inf doesn't get you, inadvertently clicking on what may seem to be a folder will.
AutoPlay is a classic example of "convenience turned into a nuisance". Older pen drives were manufactured with a write-protect switch, just like floppies. Sadly, newer ones have no protection - we have to resort to disabling AutoPlay. The easiest way is by using Microsoft's TweakUI power toy, saving you the hassle of editing the registry. Here are some easy instructions for disabling AutoPlay. And avoid exchanging pen drives with unknown computers. There is no digital latex.