
Maximizing Malware Protection of USB Removable Drives


Alok

Today, removable drives are one of the fastest media malware uses to spread. Worms use them to replicate faster: once your removable drive comes in contact with an infected system, it is infected automatically by the malicious services running on that system. One of the first tasks these malicious services perform is to create an AUTORUN information file on the removable drive for further propagation.

Once you open an infected removable drive on any PC, the AUTORUN file does its job. But how?

The AUTORUN file contains code that instantly executes the infected executable file, which the malicious services copied earlier to somewhere on the removable drive.

The code within AUTORUN information file looks something like this:

[AUTORUN]

OPEN=recycler/setup.exe

In the above script, recycler is a folder on the removable drive that contains the infected executable file (copied earlier by malicious services), which the AUTORUN file now uses for propagation.

We can protect our removable drives against these worms by restricting changes to the Autorun.inf file.

Step 1: Create four folders in the root directory of your removable drive named Autorun.inf, Recycle, Recycler and Recycled.

Step 2: Go to Start > Run and type cmd to open the Command Prompt.

Step 3: Type the commands below one by one:

attrib -a +s +r autorun.inf /s /d

cacls autorun.inf /c /d administrators

Step 4: Repeat Step 3 for Recycle, Recycler and Recycled.

In the above procedure, the attrib command sets the folder attributes, and cacls sets the privilege level to deny access to members of the Administrators group.

Sample Image:1

Autorun1.JPG

Once you have completed this task successfully, you won't be able to delete, rename, modify, copy or open these folders. This also prevents malicious services running on any system from modifying these folders or copying infected files into them on the removable drive.

Sample Image:2

Autorun2.JPG

Sample Image:3

Autorun3.JPG

Originally Posted on whitehatGuru.net/blog
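
To check what an existing autorun.inf on a drive would launch, the following added example (not part of the original post) parses the [AUTORUN] format shown above and flags entries that start an executable or point into one of the folders the post names. The function names and the extension list are assumptions made for illustration.

```python
import re

# [autorun] keys that make Windows start a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Folder names taken from the post; the extension list is an assumption.
SUSPECT_DIRS = {"recycle", "recycler", "recycled"}
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")

def launch_entries(text):
    """Return (key, command) pairs found in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
                entries.append((key.lower(), value))
    return entries

def assess(text):
    """Return (key, command, reasons) for each launch entry worth a look."""
    findings = []
    for key, command in launch_entries(text):
        # Target is the first whitespace-separated token, quotes removed.
        tokens = command.replace('"', "").split()
        target = tokens[0].lower() if tokens else ""
        reasons = []
        if target.endswith(EXEC_EXT):
            reasons.append("starts an executable")
        if SUSPECT_DIRS & set(re.split(r"[\\/]", target)[:-1]):
            reasons.append("target is inside a recycle-bin style folder")
        if reasons:
            findings.append((key, command, reasons))
    return findings

# The sample from the post, plus a constructed harmless file for contrast.
POST_SAMPLE = "[AUTORUN]\n\nOPEN=recycler/setup.exe\n"
BENIGN_SAMPLE = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for name, text in (("post", POST_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, assess(text))
```
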
