Is Your Flash Drive Infected?


Security research firm Sophos found malware on two-thirds of fifty USB flash drives that had been lost aboard Australian trains. That might suggest that you should avoid computing on Australian trains, but the broader lesson is that USB flash drives are highly vulnerable to malware infections. Here's what you need to know, and how to protect your computer from viruses that may lurk on flash drives...

Flash Drives, Viruses, and AutoRun

Malware authors find it easy and profitable to write malware designed to be spread via flash drives. There are a couple of reasons why flash drives make good vectors for malware. First, flash drives are "promiscuous" (in a metaphorical sense) because a given flash drive is inserted into a number of different devices on a routine basis. The lost Australian flash drives were sold after being unclaimed, and made the rounds as the unsuspecting purchasers began using them. Second, the AutoRun feature in Windows is ideal for spreading malware via flash drives.

Here is how AutoRun works: when a removable storage device, such as a flash drive, is connected to a Windows computer, Windows checks it for the presence of a configuration file named AUTORUN.INF. If that file is found, the instructions in it are executed. AUTORUN.INF tells Windows to run a program automatically when the storage device is connected to the computer. AutoRun is a convenience; it enables movies, music, games, or setup programs to start up as soon as you insert a CD or flash drive. But AutoRun can also enable malware to execute without your knowledge.

A malware program can be designed to detect the connection of a removable storage device, copy itself to that device, and create or modify an AUTORUN.INF file that runs the malware whenever the device is connected to a new computer. So even if you practice safe computing, your flash drive could be infected with a virus simply by inserting it in a friend's computer. And unlike movies that start playing or setup utilities that display a startup screen, AutoRun malware does not give the user any sign that it is present or running. A lot of malware is written to take advantage of AutoRun. Just plug the flash drive into your USB port, and you're infected, unless you've taken precautionary measures.
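To see what an AUTORUN.INF on a drive would ask Windows to run, you can read the file without executing anything. The following is an added example, not code from the original article: a small Python auditor that lists the launch commands in the [autorun] section. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# [autorun] keys that name a program for Windows to launch or offer in the drive's menu.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample input (not taken from any real drive).
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=setup.exe /quiet
icon=drive.ico
shell\explore\command = tools\helper.exe
[Other]
open=ignored.exe
"""

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of INF text."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if in_autorun and sep and (key in EXEC_KEYS or SHELL_CMD.match(key)):
            found.append((key, value.strip()))
    return found

def audit_drive(root):
    """Find AUTORUN.INF (any letter case) in a drive's root and list its commands."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            # Files may be UTF-16 with a byte-order mark, otherwise treat as 8-bit text.
            bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
            return autorun_commands(data.decode("utf-16" if bom else "latin-1"))
    return []

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_INF):
        print(f"{key} -> {command}")
```

Call audit_drive with the drive's root folder; an empty list means no AUTORUN.INF launch commands were found, not that the drive is free of malware.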

Protection From Infected Flash Drives

Many people fail to scan flash drives for viruses, which is another reason why malware authors love flash drives. Check the settings of your anti-malware program to make sure that it scans removable media automatically, every time such media is connected to your computer.

You can disable AutoRun to help prevent execution of malware from flash drives. The Microsoft method is somewhat complex and involves tinkering with the Windows registry. Anti-malware developer Panda Security offers an easy-to-use, free tool that will "vaccinate" your computer (and optionally your USB drives) against AutoRun malware. The Panda Research USB Vaccine can provide two forms of protection. Vaccinating your computer will disable AutoRun for all removable media. No program on a flash drive, CD, DVD, Blu-Ray disc, etc., will be able to auto-execute.

That's the most comprehensive protection, but it makes life a bit inconvenient, because movies, music, and software installers will not automatically open when you pop in a disc. As an alternative, you can vaccinate only USB flash drives. The Panda "Computer Vaccination" feature doesn't change anything on the discs or flash drives that are currently mounted. It only changes the Windows AutoRun setting. Be aware that if you have a Magic Jack, and use the "USB Vaccination" feature, you should unplug your Magic Jack first, or it could be damaged.

It should be noted that malware can still be copied to and from a vaccinated flash drive. But it will not auto-execute. The best protection is to make sure your anti-virus protection will automatically scan all removable media (flash drives, CDs, DVDs) when they are inserted. If you don't have a good anti-virus program, or you're considering a switch, see my article on Free Anti-Virus Programs for some advice.
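The registry method mentioned above centers on one Windows policy value, NoDriveTypeAutoRun, in which each set bit disables AutoRun for one type of drive. The following is an added example, not code from the original article or from Microsoft or Panda: it reads that value on Windows and reports which drive types can still AutoRun. The function names are illustrative.

```python
# Drive-type bits of the NoDriveTypeAutoRun policy value;
# a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    "removable": 0x04,   # USB flash drives, memory cards
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,       # CD, DVD, Blu-ray
    "ramdisk": 0x40,
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def autorun_allowed(mask):
    """Drive types for which this mask still leaves AutoRun enabled."""
    return sorted(t for t, bit in DRIVE_BITS.items() if not mask & bit)

def effective_mask(machine, user):
    """The machine-wide (HKLM) value wins when both are set; None means not set."""
    return machine if machine is not None else user

def read_masks():
    """Read the value from HKLM and HKCU; returns (None, None) off Windows."""
    try:
        import winreg
    except ImportError:
        return None, None
    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                raw = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
            # The value is normally a DWORD; accept a binary value as well.
            values.append(raw if isinstance(raw, int) else int.from_bytes(raw, "little"))
        except OSError:
            values.append(None)      # key or value absent
    return tuple(values)

def report(machine, user):
    """One-line summary of the effective setting."""
    mask = effective_mask(machine, user)
    if mask is None:
        return "NoDriveTypeAutoRun not set: Windows defaults apply"
    allowed = autorun_allowed(mask)
    return f"0x{mask:02X}: AutoRun still enabled for {', '.join(allowed) or 'no drive types'}"

if __name__ == "__main__":
    print(report(*read_masks()))
```

A value of 0xFF disables AutoRun for every drive type, which corresponds to the "all removable media" protection described above.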

Have you been bitten by an infected flash drive? Post your comment or question below...


This article was posted by on 13 Dec 2011


Most recent comments on "Is Your Flash Drive Infected?"

Posted by:

Walter Hansen
13 Dec 2011

It's often struck me (as often as I stand in a line at a bank) that there right in front of me are USB ports on bank computers. How hard would it be to plug in a disposable 256 flash drive when she's not looking? What if it were not just a flash drive but some sort of wireless device that was accessible from the parking lot?

Posted by:

13 Dec 2011

CAUTION - with MAGIC JACK there can be a serious problem according to a poster at Panda forum. Apparently, the Panda program can be set to AUTOMATICALLY inoculate ANY USB device. If a MAGIC JACK is inserted and automatically inoculated, it is rendered inoperable. The post was dated Sept 22 and is near the beginning.

EDITOR'S NOTE: The Panda "Computer Vaccination" program doesn't change anything on the discs or flash drives. It only changes the Windows AutoRun setting. If you use the "USB Vaccination" program, then it could affect your Magic Jack, if it's the older USB type that plugs into your PC.

Posted by:

Bruce Booker
13 Dec 2011

I work as a contract employee at a large federal government facility several times a year. I transfer information between my computer and their computer(s) on a flash drive. Their policy is that I cannot insert a flash drive into one of their computers until one of their IT people has scanned it. By my own personal choice, I won't open a flash drive in my own computer after I get home until after I have scanned it. The only change I had to make to my computer is to turn off 'auto run' for flash drives.

Posted by:

13 Dec 2011

In Win XP you could hold the SHIFT key upon insertion to stop the autorun of a CD.
I don't know if this is still possible in Win 7.

Posted by:

Gary Pomraning
14 Dec 2011

I seem to remember that in the early flash drive days that some of them came with a manual Write or Don't Write switch on the side. Isn't there some way to (through software or Windows) make the flash drive not be written to after I get my tools on it?

EDITOR'S NOTE: If there is a software method to turn ON the write protection, then there's a software method to turn it OFF. You can still buy flash drives with a write protect switch.

Posted by:

14 Dec 2011

One thing I noticed is that the use of photo kiosks has increased the spread of viruses dramatically. They are breeding grounds for all sorts of viruses.
I know someone with a photo printing business; they wipe their computers with a new disk image every day! But you can be sure that by an hour or two after opening, the disk is loaded with viruses that jump onto every USB stick or memory card inserted.
As a result, I always burn the pictures I want to print to a CD or use a service where I can upload the pix over the Internet.
If you use a photo kiosk, make sure that your memory source is write protected.

Posted by:

14 Dec 2011

Regarding the Australian trains: These lost drives were turned in. But how many persons would actually turn in flash drives that they found? So there were probably many more. The high percentage of infected drives makes me wonder if they are plants, with the hope that people will find them and use them. Flash drives now are pretty cheap, especially older smaller ones. Or easily stolen to be put to this use.

Posted by:

14 Dec 2011

Interesting article as usual, Bob. With the millions in monetary losses and the hours lost, I think the penalty for this should be so severe that nobody will take the chance.

Posted by:

21 Dec 2011

Hi Bob,

I'm pretty sure that Microsoft released an update earlier this year that when applied would disable the auto-run element in flash drives.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Is Your Flash Drive Infected? (Posted: 13 Dec 2011)