Jump to content

Be Careful To Use Usb Devices!


Recommended Posts

Guest Reimar
Posted

The use of external USB Devices can easy harm your Computer and System. The infection which coming with the Device could be come from the Manufacturer of that device. If you read the article below you'll understand the warning.

Windows Vista More Secure than XP When It Comes to Infected MP3 Players - Due to its Autorun function

The recent avalanche of threats proved us that many, if not the majority of threats attempt to spread themselves by copying their files on clean removable drives connected to an infected computer. Usually, this process is based on Autorun.Inf, a file placed on the targeted removable devices that executes the infection once they are connected to the computers. Roel of Viruslist.com has done an interesting analysis over the Windows Autorun function, concluding that Vista is somehow more secure than XP when it comes to this kind of infections.

 

It all started from an infected MP3 player, which apparently got the Worm.Win32.Fujack.aa worm even before it has been connected to a computer. "Of course, we've contacted the company concerned. They told us they were aware that a few months ago there was a partially infected batch of these MP3 players, and that they'd taken steps to fix the problem. It was only this particular model – the Victory LT-200 that was affected", Roel wrote in his analysis.

But, let’s get back to the Windows Autorun function. So, we all know now that this type of worm attempts to launch the Autorun.inf file in order to compromise a system. Connecting a USB device to a Windows XP with Service Pack 2 computer brings up a dialog asking for user’s choice: open the folder to view files or several other options. However, double-clicking on the removable drive executes the commands placed into the Autorun.inf file, in our case launching the infection.

Windows Vista is different, Roel noted. Conducting the same action in Windows Vista opens the content of the drive and doesn’t launch the infection. However, the dialog opened when the USB connection is detected, allows users to open the folder to view files, but also to launch the setup, which in our case equals to launching the infection.

"This case shows clearly that you should always exercise caution when handling unknown external storage media, whether it's fresh out of the box or passed to you by a friend or colleague. One of the best precautions against getting infected is to make sure that your virus scanner is on. In most cases it takes a while for an infected device to be shipped from the factory to the store, so antivirus software is very likely to detect the malware that's caused the infection", Roel concluded.

Source

Guest Reimar
Posted (edited)
This is almost complete nonsense.

It isn't!

One of my friend bought an MP4 player from an shop, connected to hims PC and was directly getting several virus! Ok, that may wasn't from the manufacturer but from the shop because they was "playing" before with the device.

About the Device from the article it's true as well.  

So, what's nonsense on that?!

If you want to tell that the Publisher would take the risk of an court case because of false infos published I do believe you're very wrong. 

Cheers.

EDIT: May I should have pointing in the topic: New USB Devices or even 2. Hand Devices

Edited by Reimar
Posted

Also a sort time back some HDD came out from the factory with virus on them out of the box.  Company admitted it was a real problem.

Posted

Out of common sense, I always run a virus check (NOD 32 as it happens) on any USB device I attach to my laptop before opening it - particularly flash drives. I help a Thai student friend with some of his project work from university and all-too-often have to disinfect his flash drive that is usually virus-ridden after a session on the university network. F*** knows why they don't maintain some form of effective anti-virus set-up on their system - but, plainly, they don't.

Guest Reimar
Posted
Out of common sense, I always run a virus check (NOD 32 as it happens) on any USB device I attach to my laptop before opening it - particularly flash drives. I help a Thai student friend with some of his project work from university and all-too-often have to disinfect his flash drive that is usually virus-ridden after a session on the university network. F*** knows why they don't maintain some form of effective anti-virus set-up on their system - but, plainly, they don't.

The point bis about NEW Devices!! That new devices came infected already is a bit strange.

Ok I check everything include original CD's and found on last twice a Virus (Thai Accounting Software and Thai ERP System)

Posted

An mp3 file is just data, there's nothing executable in it, so unless you take it and rename the extension to .exe there's no way for a virus in it to get into anything else.

I suppose its possible for somebody to put an autoplay script on an mp3 player but even then I'm not sure windows would run it.

Granted, a flash drive is a different story, its like a disk and can have an autoplay that will execute the viruses. And its not uncommon for flash drive vendors to include some demo apps or other spamware on their new thumb drives.

A normal virus scanner will by default (I.e. unless you turn it off) scan inserted CDs, thumb drives, etc before anything on them is executed.

Reimar, in one of your other posts you quoted an article about Vista SP1 that mentioned a week of "media verification, whatever that is".

What that step entails is taking the first CDs that come back from manufacturing and trying the install from the CD on a system. Until that point the installs have all been tested off of unofficial CDs or network installs, this is a final test of the real thing. They should also scan the CDs to make sure they have no viruses (which might have infected the image at the manufacturing vendor).

Most media manufacturers are quite paranoid about the possibility of shipping viruses (since its an automatic class action lawsuit in the US), and they take strong measures to prevent it, such as not allowing any of their manufacturing computers to be on any network. Still human stupidity can override these systems.

But I still think getting a virus from an MP3 player is probably bunk. If you actually get a virus, how do you know where it really came from? If you have scanning software that detects it before the infection is copied, thats a different thing, but that's not what the OP says happened.

Posted
most mp3 players mount as a drive

Yup. I connected my daughter's ipod to one of my PCs last week to charge it up and my AV software immediately picked up four viruses.

Posted

you can turn off autoplay for all your devices including USB

I thought Autorun and Autoplay are two different things. How do you turn off Autorun?

Posted

Right click "My Computer", Click "Properties", Click "Device Manager", Double click the CD-Rom Tree, Double click The CD-Rom You want turn "Auto-Run" off of , Click "Settings", Near the middle of the Window there is a setting that says "Auto insert notification", this is your auto-run Feature.

Posted
Right click "My Computer", Click "Properties", Click "Device Manager", Double click the CD-Rom Tree, Double click The CD-Rom You want turn "Auto-Run" off of , Click "Settings", Near the middle of the Window there is a setting that says "Auto insert notification", this is your auto-run Feature.

Thanks for that info. However, you lost me where you say, "Click "Settings", Near the middle of the Window there is a setting that says "Auto insert notification", this is your auto-run Feature." When I double-click the DVD/CD Drive, it gives me the Properties window and I don't see Settings, Auto insert notification. What I see are tabs: "General", "Properties", "DVD Region", etc. Do I see something different from you because this is a combo CD and DVD drive?

Posted

Hello :o

Believe it or not i DID get such a virus!! And i think the only possibility where i could have gotten it from was the computer of my boyfriend's nephew, a 10-year old kid - that computer has no internet connection (there's no phone line on the farm and no mobile internet either) and hence he's got no anti-virus software either.

During my stay there i used that computer to save pictures that i'd taken with the digicam and various camera-phones, and on each such device i noticed a few files i didn't recognise from before, but didn't think anything about it then.

Upon return to Bangkok and first time i hooked up my Sony-Ericsson to MY computer Avast! sprung in my face immedoately warning me of some trojan. And it was a file called "AdobeR.exe" (capital A and R) which *somehow* had found it's way onto my THUMBDRIVE, my SONY-ERICSSON PHONE's MEMORY CARD, my BOYFRIEND'S IDENTICAL PHONE and my SAMSUNG PHONE MEMORY CARD. All of those devices had been connected to that computer in Chiang Mai, and the only one that did NOT get the virus was the digital camera (of which i had taken the memory stick out and used a card reader).

The virus had dropped three files into the root of each memory card, namely "AdobeR.exe", var(something)log (no file extension!) and msvcr71.dll. Upon connecting each device on another PC with the AV disabled (testwise), after removing those files the device could no longer be opened via the explorer, so i had to delete the "autorun.inf" file as well which was re-created after the device was ejected and reconnected.

HOWEVER the virus did NOT infect that computer in any way, i googled it and it was supposed to have dropped files and made registry entries, none of which took place. So no harm done.

BUT i want to inform anyone reading this that such viruses DO exist, that i HAD one and what it does and what it's named.

Still mysterious where that virus came from in first place - my boyfriend's nephew has, as mentioned, no internet and also no thumbdrives or similar devices. He uses the computer exclusively to watch cartoon VCD's and play games. He does have such cheap CD's that contain collections of (actually free) flash games that can be downloaded from the net or played on web sites - i suspect that one of those must have the virus. Next time i go there i'll install an AV and scan those CD's.

Best regards.....

Thanh

Posted (edited)
I'm with Tracker... as with most, the problem is a Windows one, which makes me quite happy running my Mac...

Hi.

It is comments like YOURS that make me scared. Linux and Mac fanboys and their "i don't get no virus, i don't give a dam_n" attitude. And THEY are the ones actually SPREADING the viruses for they don't bother with anti-virus software, happily forwarding infected e-mails and plugging their infected thumbdrives in friend's and colleagues' Windows machines to show those holiday pics (and AdobeR.exe-like nasties along).

As stupid as it sounds, i wish for a virus that takes on Macs and causes some serious trouble there, and then one doing the same on Linux. Just so THOSE people wake up, too!

You and Tracker KNOW that you can get a *nix based system (which Mac OSX is, too!) to "commit suicide"? Issue the right commands and they will delete themselves, file by file, right until the kernel panics. At such stage 90% of essential files are gone and you have a unbootable, unusable remains of a system. Imagine a virus doing the job for you.

Best regards.....

Thanh

Edited by Thanh-BKK
Posted

A friend of Ms D wanted me to print some photos from her mobile phone. I have one of those USB card readers and as soon as I plugged her phone memory into the card reader my virus software picked up two hits. These critters seem to be everwhere. :o

I run free Avira.

Daffy.

:D

Posted

turn off auto run

It's time to add digital picture frames to the group of consumer products that could carry computer viruses and Trojan horse programs.

In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious code on their computer systems, according to the Internet Storm Center, a network-threat monitoring group. Each case involved the same product and the same chain of stores, suggesting that the electronic systems were infected at the factory or somewhere during shipping, said Marcus Sachs, who volunteers as the director of the Internet Storm Center.

http://www.theregister.co.uk/2008/01/11/ma...igital_devices/

and Unix based OS fanbois , please remember the Morris Worm

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...