I investigated on USB virus in the past few months. USB portable drive, is one of the most popular removable device, instead of CDs and floppies (I think no one use floppy nowadays). According to its popularity, it becomes a target media for virus writer to infect and spread their virus. And in my point of view, spreading virus in USB is a very interesting topic. To fully understand how the USB virus is being spread, we should first focus on a more general question: how to autorun USB?
One of the most frequently heard sceniaros is, “When I plug the USB into the computer, my anti-virus prompt and said I have been infected!”. Sounds very familiar right? But why this works? Is that easy to autorun USB drive? Not exactly. Here are some facts.
- Mac OS disabled autorun for all removable devices (USBs, CDs, floppies). Sometimes you will see that when you insert a VCD/ DVD, the OS (also in Windows and *nux system) will automatically run video player. This is not auto running the devices, this kind of “autorun” is because the system detected that the device is VCD/ DVD.
- In Windows XP, early release allows USB autorun, but soon they discovered that autorun may cause security issues. Now, XP and Vista disabled USB autorun by default, but CDs autorun remains enabled.
So, sounds like this is not possible to autorun a USB drive, then how can I do this? or how can virus infect in this way? Without really auto running a USB, there are couple of ways to incite victim to get infect. Since these topic is very huge (the skill is varies in different OS/ architecture). So I would like to divide this study into 3 parts. in Windows, in *nux system, other methods to spread USB virus and end with a conclusion.
interesting topic!
I won’t let you to plug USB in my computer anymore.. XDD
期待 ~