Security Windows Worms IT

25% of Worms Spread Via USB

An anonymous reader writes "In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer."

  • by mcgrew ( 92797 ) * on Thursday August 26, 2010 @10:59AM (#33381350) Homepage Journal

    If you're running Windows 7 it appears that you're ok. [samlogic.net] But what took MS so long to fix this gaping hole?

  • Re:No, really? (Score:5, Informative)

    by TheRaven64 ( 641858 ) on Thursday August 26, 2010 @11:05AM (#33381404) Journal

    I don't remember any worms spreading automatically via serial port. It would have been difficult, because there weren't many peripherals that had internal storage space and connected via RS-232, and computers connected with a null-modem cable typically had to run some custom software for file transfer.

    I do, however, remember a lot of worms spreading via floppy disks. Boot sector viruses were especially common in the DOS days. If you left a floppy in the drive, the BIOS would try to boot from it the next time you turned your computer on. It was quite common for a worm to install itself on the boot sector of any inserted floppy so that when you booted from that floppy it installed itself on the hard drive and then printed a 'please eject floppy and reboot' type error. You'd eject the floppy and reboot, and the machine would start normally, only now you'd be infected.

    Since USB drives have replaced floppy disks for offline file transfer, it's not surprising that this is a common attack vector.

  • Re:Big surprise (Score:3, Informative)

    by AndrewNeo ( 979708 ) on Thursday August 26, 2010 @11:21AM (#33381610) Homepage

    Er. The last version of Windows that "ran everything" was XP. Just because the dialog comes up in Vista or 7 does NOT mean that the actual autorun application is being executed. The dialog you see is for user convenience, and still has a link to the autorun application, but does not do it on its own anymore. When you plug your iPad in, the "do nothing" is the X button in the corner. Nothing happens besides that dialog coming up. It would be nice if it offered iTunes in the list, though.

  • by Fantastic Lad ( 198284 ) on Thursday August 26, 2010 @11:29AM (#33381704)

    Autorun is one of Microsoft's more frustrating contributions to the world.

    But what is still more idiotic, is how user-unfriendly the path is to shutting it off. Microsoft's very own page on the issue...

    http://support.microsoft.com/kb/967715 [microsoft.com]

    -FL

  • Re:Big surprise (Score:3, Informative)

    by Sockatume ( 732728 ) on Thursday August 26, 2010 @11:32AM (#33381746)

    What you're describing isn't autorun, but the XP-and-onwards "hey, there's new storage" prompt. While they're both annoying to some degree, Autorun executed any autorun.inf in the root of the new storage without prompting, making it a useful way of spreading viruses. The prompt you're referring to doesn't.
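An added example, not part of the thread: a small Python audit that reads an `autorun.inf` from removable media and lists the `[autorun]` entries that name a program to launch (`open`, `shellexecute`, and `shell\<verb>\command`). The sample file contents and file names are constructed for illustration, and the parser is deliberately tolerant of junk lines so that a malformed file is still reported rather than skipped.

```python
def parse_autorun(text):
    """Tolerant parse: return {key: value} for the [autorun] section only."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
        # Anything else (junk without '=' or outside [autorun]) is ignored.
    return entries


def launch_directives(text):
    """Return (key, command) pairs that tell Windows which program to run."""
    found = []
    for key, value in parse_autorun(text).items():
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb_command:
            found.append((key, value))
    return found


# Constructed sample, not taken from a real device.
SAMPLE = """\
; constructed sample
qwerty junk line without a section
[AutoRun]
Open = setup.exe /quiet
icon=folder.ico
shell\\explore\\command=tools\\helper.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in launch_directives(SAMPLE):
        print(f"{key}: {command}")
```

An empty result means the file names nothing to execute; any non-empty result on a USB stick that is supposed to hold only documents is worth a closer look.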

  • by VGPowerlord ( 621254 ) on Thursday August 26, 2010 @11:43AM (#33381852)

    To their credit, they fixed this in Windows XP.

    Yes, XP. Specifically, Windows XP SP2.

    It no longer just runs the Autorun program, but instead gives you a dialog that asks what you want to do, with some default choices. The former Autorun command appears at the top of said list.

    The only thing Windows 7 did was remove said dialog when you attach non-optical media.

  • Re:Big surprise (Score:3, Informative)

    by DrgnDancer ( 137700 ) on Thursday August 26, 2010 @01:18PM (#33382986) Homepage

    Or more likely they have their own research labs, and they have white and gray hat hackers who send them exploits that they discover. This allows them to try and stay ahead of the game, instead of reacting to every new virus several hours or days after it's been released by someone malicious. If a white hat sends the AV company the latest virus he's written and the AV company said, "oh, that's vera nice... we'll include it in a definition file if anyone bad ever discovers it" how would you feel?

  • Re:Surprise? (Score:2, Informative)

    by wbo ( 1172247 ) on Thursday August 26, 2010 @02:07PM (#33383596)

    Yes, but an equally useful thing would have simply been a 'Install program' menu item, that, when launched, looks on all removable media for autorun.inf files or whatever, and presents their devices, names, and icons in a little list where you pick one.

    Actually older versions of Windows did have such a menu item but it was removed in Vista, probably because very few people actually used it. Prior to Vista there was a control panel applet called "Add/Remove Programs". I first encountered it in Windows 95.

    Most people used it to uninstall software but the applet also had an "Add Software" button that would scan all removable media for an installer and offer to execute it.

    What I don't understand is why people keep complaining about the autorun functionality, since in Vista and later autorun files are not executed by default. Instead when an autorun file is detected a dialog box is displayed asking the user if they wish to execute the autorun, open an explorer window to browse the files on the disk/device, or do nothing.

  • by bloobamator ( 939353 ) on Thursday August 26, 2010 @04:55PM (#33385884)

    Wow. The instructions for disabling Autorun are hideous: http://support.microsoft.com/kb/967715 [microsoft.com]. Is this really how one disables it?

    This one looks slightly less hideous: http://www.us-cert.gov/cas/techalerts/TA09-020A.html [us-cert.gov].

    I apologize in advance for the noob question.
