Prevent USB Flash Drive Malware Infections by Disabling AutoRun
AutoRun.Inf File – The Cause of Many Malware Infections
Windows uses a special file with the name autorun.inf with the removable media like USB Flash Drives, Memory Cards, Pen Drives etc., with a purpose to know the action to be taken when such a media is inserted in the computer.
Autorun.inf file is located in the root directory of the removable drive and contains a reference to the programs and files, which should be run automatically as soon as the drive is mounted on the computer.
Now here lies the problem.
There are several malware scripts, which exploit this file. As soon as a Flash Drive is inserted in a computer infected with such malware, they copy a malicious executable file in the USB drive and also modify the autorun.inf file with a reference to execute the malicious file.
When thisinfected USB Drive is taken to another clean computer, the autorun.ing file cause automatic execution of the malware file and this new computer also gets infected.
Is Autorun same as AutoPlay
Many users confuse AutoRun with AutoPlay. But both of them are entirely different things. Microsoft clarifies the difference clearly.
AutoPlay: AutoPlay is a Windows feature that lets you choose which program to use to start different kinds of media, such as music CDs, or CDs or DVDs containing photos. For example, the first time you try to play a music CD, AutoPlay asks which media player you want to use, if you have more than one installed on your computer. You can change AutoPlay settings for each media type.
Autorun: Autorun is a technology used to start some programs or enhanced content (such as video content on a music CD) automatically when you insert a CD or another media type into your computer. This is different from AutoPlay, but the result is often the same: when inserted, the CD starts automatically, using a particular program. Autorun is incorporated into the media types that use it, and you can’t modify it.
How to Disable Autorun File and Prevent Malware Infections
If you do a little googling, you can easily find some easy guides on how to disable AutoRun file. But there is a super easy way also.
Panda Labs, the well known security vendor, has developed a USB Vaccination tool, which does the job perfectly. It provides two levels of security related to autorun.inf file
Panda USB Vaccine is a free solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:
Vaccine for computers: This is a ‘vaccine’ for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.
Vaccine for USB devices: This is a ‘vaccine’ for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.
This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.
Recently Panda has released a new version of their USB Vaccine, which also supports the NTFS File system.