infecting usb drives!!

[Gaz]

Driving me potty, it is now no longer safe to insert a usb drive into any
xp/vista machine that you suspect is infected, its become like the use of
floppies in the eighties and nineties.

Just bought myself some usb sticks with hardware write protection, hopefully
they will keep the viruses at bay.

Gaz

 

[VanguardLH]

Driving me potty, it is now no longer safe to insert a usb drive into any
xp/vista machine that you suspect is infected, its become like the use of
floppies in the eighties and nineties.

Just bought myself some usb sticks with hardware write protection, hopefully
they will keep the viruses at bay.

Gaz

Disable auto-play in Windows. It's a security liability. When you want
to run something from there, YOU start it after scanning it for malware
- but then if your anti-virus/malware program doesn't catch the pest in
a scan then it might not catch it using its real-time heuristics. So
you might want to start considering using a security or anti-malware
product that implements HIPS (host intrusion protection system) but get
ready for the prompts. You are in charge of what can load into memory
(from where it runs) but you need to understand the prompts.

Rather than be concerned about infecting the USB drives, be concerned
about infecting the host into which you plug them. Disable auto-play.

 

[kurt wismer]

Driving me potty, it is now no longer safe to insert a usb drive into any
xp/vista machine that you suspect is infected, its become like the use of
floppies in the eighties and nineties.

become??? it has always been like the use of floppies - it's only now
that average people are starting to wake up to that fact...

the lessons you learned from floppies can (and should) be applied to all
removable media - even things you might have never considered as
removable media, like digital cameras or mp3 players... basically
anything that can hold 'stuff' and plugs into your computer presents the
same (or equivalent) risk as floppies did back in the day...

 

[Gaz]

become??? it has always been like the use of floppies - it's only now
that average people are starting to wake up to that fact...

the lessons you learned from floppies can (and should) be applied to
all removable media - even things you might have never considered as
removable media, like digital cameras or mp3 players... basically
anything that can hold 'stuff' and plugs into your computer presents
the same (or equivalent) risk as floppies did back in the day...

But hardware write locks are pretty rare on usb drives, unlike every single
floppy ever produced.

It is only recently though that the usb drive has been targeted...

Gaz

 

[lightningware]

Hi Gaz,

I know exactly what you’re talking about. I've found even with auto-
run disabled I ended up contracting a virus just be inserting the disk
and then double clicking on the drive letter in explorer! Then has
taken me a day just to restore my laptop

Therefore I had enough and wrote a new application called VMON which
does the following:
1) Monitors for any inserted drive, finds if it has an auto run and
quarantines it
2) Can run commands on drive insertion (I've set it to automatically
scan the drive with AVG)
3) Monitors key system areas of your PC and quarantines, logs and
warns if a change occurs (helps stop Trojans and Viruses injecting
into system files)
4) Monitors the registry and warns & logs if a suspicious change
occurs (helps restore your system if a malicious application does get
installed)
5) Monitors the firewall and warns & logs if a change occurs (I found
one of the Trojans I picked up opened a port for itself)

You can download the software from:
http://www.lightningware.co.uk/software/details.asp?code=LWS-VMON

Cheers,

Gary

 

[kurt wismer]

But hardware write locks are pretty rare on usb drives, unlike every single
floppy ever produced.

It is only recently though that the usb drive has been targeted...

actually, autorun malware has been around for several years now... it is
only recently that the threat has registered in the public consciousness...

 

[Dustin Cook]

Driving me potty, it is now no longer safe to insert a usb drive into
any xp/vista machine that you suspect is infected, its become like the
use of floppies in the eighties and nineties.

Just bought myself some usb sticks with hardware write protection,
hopefully they will keep the viruses at bay.

Gaz

I don't know if this still remains true for vista... However, for the rest
not using... vista nor mac... holding down the left shift key while
inserting the drive should tell windows not to bother with autorun.

Still works for cds.. I haven't tested it with my usb sticks, because...
well, I hadn't worried about this. I don't mind if something wants to
tag along, it can come back with me, and be checked out..... lol.

 

[Juarez]

the lessons you learned from floppies can (and should) be applied to all
removable media - even things you might have never considered as removable
media, like digital cameras or mp3 players... basically anything that can
hold 'stuff' and plugs into your computer presents the same (or
equivalent) risk as floppies did back in the day...

Yea, even those digital photo frames have been known to come from the
factory with a virus already on them.

 

[Juarez]

I don't know if this still remains true for vista... However, for the rest
not using... vista nor mac... holding down the left shift key while
inserting the drive should tell windows not to bother with autorun.

According to the help files in Vista that is supposed to still work but if
doesn't.

 

[FromTheRafters]

I don't know if this still remains true for vista... However, for the
rest
not using... vista nor mac... holding down the left shift key while
inserting the drive should tell windows not to bother with autorun.

Still works for cds.. I haven't tested it with my usb sticks,
because...
well, I hadn't worried about this. I don't mind if something wants
to
tag along, it can come back with me, and be checked out..... lol.

One person's "nasty malware" is another's "free sample". )

 

[bertieboy]

In message

Hi Gaz,

I know exactly what you’re talking about. I've found even with auto-
run disabled I ended up contracting a virus just be inserting the disk
and then double clicking on the drive letter in explorer! Then has
taken me a day just to restore my laptop

Therefore I had enough and wrote a new application called VMON which
does the following:
1) Monitors for any inserted drive, finds if it has an auto run and
quarantines it
2) Can run commands on drive insertion (I've set it to automatically
scan the drive with AVG)
3) Monitors key system areas of your PC and quarantines, logs and
warns if a change occurs (helps stop Trojans and Viruses injecting
into system files)
4) Monitors the registry and warns & logs if a suspicious change
occurs (helps restore your system if a malicious application does get
installed)
5) Monitors the firewall and warns & logs if a change occurs (I found
one of the Trojans I picked up opened a port for itself)

You can download the software from:
http://www.lightningware.co.uk/software/details.asp?code=LWS-VMON

Cheers,

Gary

I downloaded it and it told me my trial period had expired! I don't even
get a chance to try it out

 

[jen]

"Hi Gaz,
I know exactly what you’re talking about. I've found even with auto-
run disabled I ended up contracting a virus just be inserting the disk
and then double clicking on the drive letter in explorer! Then has
taken me a day just to restore my laptop "

Here's why:
US-CERT alert on autorun:
Microsoft Windows Does Not Disable AutoRun Properly
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

-jen

 

[Dustin Cook]

One person's "nasty malware" is another's "free sample". )

And Samples are gewd. Recycling bits and bytes, I'm doing my part to be
green!

 

[lightningware]

Hi Bertieboy,

You should get 30days. I've just released this software so may be an
issue with your time zone or something. I have quite a few other users
that haven't hit this so I suspect a date issue.

If you visit my web site www.lightningware.co.uk you will see a link
to email me. I can then work out what the problem is.

Cheers,

Gary

 

[Mike S.]

But hardware write locks are pretty rare on usb drives, unlike every single
floppy ever produced.

I use an SD card inside a small reader, just bigger than a flash drive,
that I got from Newegg. If you flip the write-protect tab before inserting
the drive on a questionable system, there is no danger of the flash drive
becoming infected.

 

[rjdriver]

Driving me potty, it is now no longer safe to insert a usb drive into any
xp/vista machine that you suspect is infected, its become like the use of
floppies in the eighties and nineties.

Just bought myself some usb sticks with hardware write protection,
hopefully they will keep the viruses at bay.

Gaz

USB Cop will stop any app that wants to autorun when you insert the drive,
take you to the app's locatoin and let you decide whether to or not to start
it..

Freeware http://sourceforge.net/projects/usbcop


Bob

 

[Gaz]

Gaz wrote:
Driving me potty, it is now no longer safe to insert a usb drive
into any xp/vista machine that you suspect is infected, its become
like the use of floppies in the eighties and nineties.

become??? it has always been like the use of floppies - it's only
now that average people are starting to wake up to that fact...

the lessons you learned from floppies can (and should) be applied to
all removable media - even things you might have never considered as
removable media, like digital cameras or mp3 players... basically
anything that can hold 'stuff' and plugs into your computer presents
the same (or equivalent) risk as floppies did back in the day...

But hardware write locks are pretty rare on usb drives, unlike every
single floppy ever produced.

I use an SD card inside a small reader, just bigger than a flash
drive, that I got from Newegg. If you flip the write-protect tab
before inserting the drive on a questionable system, there is no
danger of the flash drive becoming infected.[/QUOTE]

Warning, the lock is voluntary and dependent on the usb to sd drive. All the
ones i have come across so far (about three or four) do not honour the lock
on the sd card....

Gaz

 

[Mike S.]

Warning, the lock is voluntary and dependent on the usb to sd drive. All the
ones i have come across so far (about three or four) do not honour the lock
on the sd card....

That may be true; of course you have to verify the write-protect before
using it on a potentially hostile computer. In my case, a Transcend Class
6, 8 GB SDHC card inside a $9 Rosewill reader is only slightly larger than a
thumb drive, totally enclosed, out-performs many dedicated flash drives,
allows for upgrade or recycling of the flash medium, and the write protect
definitely works. And the whole outfit costs less than most discounted
thumb drives of similar capacity.

 

[Gaz]

kurt wismer wrote:
Gaz wrote:
Driving me potty, it is now no longer safe to insert a usb drive
into any xp/vista machine that you suspect is infected, its
become like the use of floppies in the eighties and nineties.

become??? it has always been like the use of floppies - it's only
now that average people are starting to wake up to that fact...

the lessons you learned from floppies can (and should) be applied
to all removable media - even things you might have never
considered as removable media, like digital cameras or mp3
players... basically anything that can hold 'stuff' and plugs
into your computer presents the same (or equivalent) risk as
floppies did back in the day...

But hardware write locks are pretty rare on usb drives, unlike
every single floppy ever produced.

I use an SD card inside a small reader, just bigger than a flash
drive, that I got from Newegg. If you flip the write-protect tab
before inserting the drive on a questionable system, there is no
danger of the flash drive becoming infected.

Warning, the lock is voluntary and dependent on the usb to sd drive.
All the ones i have come across so far (about three or four) do not
honour the lock on the sd card....

That may be true; of course you have to verify the write-protect
before using it on a potentially hostile computer. In my case, a
Transcend Class 6, 8 GB SDHC card inside a $9 Rosewill reader is only
slightly larger than a thumb drive, totally enclosed, out-performs
many dedicated flash drives, allows for upgrade or recycling of the
flash medium, and the write protect definitely works. And the whole
outfit costs less than most discounted thumb drives of similar
capacity.[/QUOTE]

I picked up a lockable usb drive 8gb for about £12 on ebay. A major relief
now...

Gaz