Wednesday, March 4, 2009

USB Pen Drives - a growing carrier of viruses

USB pen drives are the floppy disks of the new millennium. A 4GB pen drive costs Rs. 600. Everyone uses them - carrying data from home to work, exchanging digital photos, taking documents to print shops and even for backups. However, USB pen drives have become the carrier of choice for viruses and worms.

You've returned from a vacation and want to print your digital photos. You copy the photos to a pen drive and take it to the photo shop. The operator plugs in your device, copies the photos to the shop's computer and returns the device. Publicly used computers, like those in photo or print shops or cybercafes, are rife with "cyber diseases". As you return home, a worm is riding along on your pen drive. Plugging the pen drive into your computer gives the worm a new home. Your computer has now become another source of infection for other pen drives plugged into it. I shall refrain from making any real-life analogies here.

How do worms travel on pen drives? The answer lies in Windows' AutoPlay mechanism. Whenever you insert a CD or a pen drive in your computer, Windows displays a default pop-up asking whether you want to open the folder, run a slideshow, play music, etc. Developers can create customized launch programs by creating a special "Autorun.inf" file. Whenever you insert a storage device, Windows automatically looks for Autorun.inf and, on finding one, executes the programs listed in it. This "feature" is a blessing for worms. An infected computer will create an Autorun.inf file on every device it encounters and copy the worm program onto it. The worms disguise themselves as folders, with the same yellow folder icons. If Autorun.inf doesn't get you, inadvertently clicking on what may seem to be a folder will.
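As an added example (not part of the original post), this Python script parses the text of an Autorun.inf file and lists the entries that make Windows launch a program, so a pen drive's contents can be inspected before it is trusted. The sample file contents and file names are constructed, and flagging executables in the drive root is a simple heuristic assumed here.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Assumed heuristic: extensions treated as "runs when double-clicked".
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD.match(key):
            entries.append((key.lower(), value))
    return entries

def audit(text, files_on_drive):
    """List findings: launch commands, plus executables sitting in the drive root."""
    findings = [f"autorun launches: {key} = {cmd}" for key, cmd in launch_entries(text)]
    for name in files_on_drive:
        if name.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"executable in drive root: {name}")
    return findings

# Constructed sample: what an infected drive's Autorun.inf might contain.
SAMPLE_INF = """\
; constructed sample
[AutoRun]
open=Photos.exe
icon=Photos.exe,0
shell\\open\\command=Photos.exe
label=My Photos
"""
SAMPLE_FILES = ["autorun.inf", "Photos.exe", "IMG_0001.jpg"]  # constructed listing

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF, SAMPLE_FILES):
        print(finding)
```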

AutoPlay is a classic example of "convenience turned into a nuisance". Older pen drives were manufactured with a write-protect switch, just like floppies. Sadly, newer ones have no protection - we have to resort to disabling AutoPlay. The easiest way is by using Microsoft's TweakUI power toy, saving you the hassle of editing the registry. Here are some easy instructions for disabling AutoPlay. And avoid exchanging pen drives with unknown computers. There is no digital latex.

Disabling Windows' AutoPlay

Windows' AutoPlay and AutoRun are more of a nuisance than a feature. This "feature" has been best utilized by worm and virus writers for automatically triggering malware when a USB device is plugged in.

A few years ago, USB pen drives came with a little switch - flipping it would enable write-protect, allowing the user to only read data off the drives, much like the floppy disks of the past. However, newer USB pen drives have no write protect mechanism on them.

I highly recommend disabling Windows' AutoPlay and AutoRun for every computer. It is an entirely useless feature that Microsoft should never have created in the first place. The best way of disabling AutoPlay is through Microsoft's TweakUI Power Toy.

First, download TweakUI.

Run it and expand "My Computer" and "AutoPlay" from the tree on the left hand side. Select "Drives" and uncheck all drive letters from the view on the right hand side as shown in the screenshot below.

Next, click on the "Types" setting on the left hand side, and uncheck Autoplay options for both CD/DVD drives and removable devices. The screenshot below shows how.

That's it. To ensure everything is set, reboot the computer. I know, it's 2009, but Windows is still primitive in certain ways.