Worms and USB Flash Drives Gang Up. Disable Auto-Run!


USB Flash DriveHave you been reading technology news lately aside from the iPhone hype?

Danger USB! Worm targets removable memory sticks to infiltrate business
The W32/SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC.

USB flash drive worm spreads information about AIDS
The W32/LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks (as well as spreading via network shares), and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC.

Harry Potter worm claims teenage wizard is dead
The W32/Hairy-A worm can automatically infect a PC when users plug-in USB drives, which carry a file posing as a copy of the eagerly anticipated novel, “Harry Potter and the Deathly Hallows”.

Get a hold of yourself and shut up about the iPhone first. This one’s more important.


In a span of about 2 months, 3 worms have been discovered, infecting floppy and USB flash disks. The method of infection, as Sophos senior technology consultant Graham Cluley would say, is old school, written to give the author a platform to show off rather than to steal identities or cash. Old as they may be, the thing is that virus infections are annoying. Almost always, they work in the background and many don’t like that. For example, the W32/SillyFD-AA worm changes the title of Internet Explorer to Hacked by 1BYTE.

Worm changes the title of Internet Explorer to Hacked by 1BYTE

The W32/LiarVB-A worm on the other hand, drops an HTML file containing a message about AIDS and HIV to the user’s drive.

W32/LiarVB-A drops an HTML file containing a message about AIDS and HIV to the user's drive.

Moreover, the W32/Hairy-A worm does a lot of things. After infection, the worm creates 3 new users to the Windows XP log in screen among others. It will then display a message after logging in:

W32/Hairy-A creates 3 new users to the Windows XP log in screen

read and repent

the end is near
repent from your evil ways O Ye folks
lest you burn in hell…JK Rowling especially

Source images: Sophos Press Office

As you’ve seen, Windows users definitely won’t enjoy these kinds of activities in their computers. Luckily, a simple dose of prevention from the old school is readily available.

Disable Windows AutoPlay

Disable Windows AutoPlay

Download Tweak UI for Windows XP from MicrosoftAn easy way to disable Auto Play is with a Windows XP PowerToys component, Tweak UI. The PC Doctor has a simple guide on how to disable AutoPlay on specific drives. The nice thing about using this niftry program is that you can specify which drives you want AutoPlay disabled. For example if your USB drive is D:\, you can just uncheck it and click OK. However, since other removable drives such as floppy disks and CD/DVD-ROMs are also known to infect Windows systems, you might as well disable AutoPlay from these media. For Windows Vista users, Totalidea’s Basic Edition of Tweak VI (FREE) can reportedly disable AutoPlay.

Tweak UI AutoPlay checkbox

Tweak VI Basic Edition AutoPlay checkbox

A more technical approach, but which doesn’t need a third-party program, is by doing some changes in the Registry. However, most of the procedures I found referred to CD-ROM drives. I decided not to include them here because they may not apply to USB flash drives.

A simpler but unlikely trick would be to hold down the Shift key while inserting the USB flash drive or the CD/DVD-ROM drive.

Scan for Viruses

Why do these old school tricks keep coming back? It just goes to show that majority of computer users never learned. Simple tasks such as scanning documents or binaries for viruses before opening them, or not opening anonymous e-mails are often overlooked; not to mention religiously updating security software. People tend to have a feeling of absolute safety by nature, leading them to settle for a false sense of security (as Kevin Mitnick mentioned in his book, The Art of Deception).

If you can afford a high-end security software suite, then get one. Otherwise, there are many free alternatives. Just ask Google. It is your friend.

Related Posts

  • No related posts.

This entry was posted on Saturday, June 30th, 2007 at 23:10 and is filed under Web News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

27 Responses to “Worms and USB Flash Drives Gang Up. Disable Auto-Run!”

  1. Syaf The Geek Says:
    July 1st, 2007 at 22:10

    USB drive or thumb drive nowadays is a tools to spread viruses. Remember in those days when floppy disk became in this same kind of situation. Well thumb drive is much much dangerous. I’ve repaired a lot of my friends’ PC and laptops that infected by viruses after plugging in the USB drive or thumb drive. I’m tired of it because it is the same things happen.

  2. James Soh Says:
    July 1st, 2007 at 23:50

    Hey Gabriel,

    Nice heads up! Thumb drives are here to stay as prices nose dive and USB becomes standard on every machine. Just like email viruses, we just have to learn to live with it or pay the price of cleaning it up. Thanks.

  3. Gabriel Says:
    July 2nd, 2007 at 22:33

    @Syaf,
    Yeah, I remembered those floppy days. Hehe. Boot sector viruses in floppies don’t do much damage, though. At least my free antivirus program can detect them right away.

    These USB flash drive worms seem to be a bit different. We have been so used to the AutoPlay feature in Windows that we never realized we had it turned on all along (and by default). At least floppy disks give us an option to scan first before opening.

    @James,
    You’re welcome.

    Yeah, the prices of USB flash drives really nose dived. I remembered 6 months ago, the prices were still double as that of the current prices. In such a short span of time, USB flash drives were even more affordable than before.

    Cleaning up seems tedious for me, so I guess an ounce of prevention is better than a pound of cure in this case.

  4. Beta3 Says:
    July 6th, 2007 at 12:44

    Thanx for the tip. I disabled autorun for USB drives. I recently got infected by W32/AHKHeap-A. Pretty sticky worm it was…

  5. Gabriel Says:
    July 6th, 2007 at 22:21

    I’m sorry to hear that. W32/AHKHeap must be really annoying, isn’t it?

    You’re welcome Beta3! When I disabled autorun for my USB drive, it was just a single checkbox that I unchecked from TweakUI.

  6. Ledokin » Worms and USB Flash Drives Gang Up. Disable Auto-Run! Says:
    November 13th, 2007 at 13:16

    [...] read more | digg story [...]

  7. Jim Mirkalami Says:
    February 10th, 2008 at 14:12

    I have been visiting this site a lot lately, so i thought it is a good idea to show my appreciation with a comment.

    Thanks,
    Jim Mirkalami

    PS: I am a single dad. ;)

  8. Gabriel Says:
    February 11th, 2008 at 1:34

    OT:

    Nice to hear from you, Jim. You must be a proud parent… having to raise your kids on your own. I salute you for that.

    Thank you for taking the time to read my articles. They haven’t been updated for a while but I will be back soon.

  9. Nik Kurkov Says:
    March 7th, 2008 at 12:22

    I recommend use good antivirus. For example I use Kaspersky Anti-Virus.

  10. USB Drives Says:
    March 25th, 2008 at 4:38

    Your comment about the iphone was hillarious, really cracked me up. I guess with the proliferation of any technology, there are people who will try to find a way to exploit it and usb drives are no different. Great tips on preventing the virus. We all need a constant reminder to keep our stuff secure.

  11. Janni Says:
    May 1st, 2008 at 0:41

    AutoRun USB does the same thing for USB Flash Drives that autorun.inf files do for CD’s! Automatically launch the program of your choice on your USB Flash Drive everytime you plug it in! No more searching for exe’s through file explorer, just plug it in and go! Upgrade to AutoRun USB Executive Edition to add even more functionality, including customizeable popup menus!

  12. car moving Says:
    May 11th, 2008 at 11:18

    I’ve had that one that changed the Internet explorer’s title, good thing there is always majorgeeks to eliminate that annoying crap.

  13. gang prevention Says:
    May 13th, 2008 at 17:49

    [...] Remember the &quotfloppy&quot days? Learn how to prevent these infections through this articlhttp://afterlight.110mb.com/2007/06/30/worms-and-usb-flash-drives-gang-up-disable-auto-run/Focus Adolescent Services: Gangs - Awareness, Prevention, InterventionFrom Research Review: gang [...]

  14. how to disable flash Says:
    May 17th, 2008 at 4:38

    [...] Remember the &quotfloppy&quot days? Learn how to prevent these infections through this articlhttp://afterlight.110mb.com/2007/06/30/worms-and-usb-flash-drives-gang-up-disable-auto-run/Blogzilla - a weblog about Mozilla: Enable/Disable FlashIf flash ads annoy you, but you don&39t want [...]

  15. Disabled Signs Says:
    May 23rd, 2008 at 17:02

    oh my .. i am so glad i came across your site … its so informational its bril… i never even knew that you can get worms …. wow .. i work with computers every day and my memory stick etc … better be carful then thanks for the info ..

  16. Used Acura Says:
    June 3rd, 2008 at 9:22

    Scary. I use my USB drive almost everyday from computer to computer. Guess I need to always make sure my anti-virus is up to date.

  17. Run Your Car on Water Says:
    June 16th, 2008 at 2:51

    Ahha, my laptop was infected with that Harry Potter virus long time ago. However Norton Antivirus removed it without leaving a trace.

  18. Used Engine Says:
    June 20th, 2008 at 17:05

    Hi…Here are few tips for virus scan…
    If you discover a suspicious file on your machine, or suspect that a program you downloaded from the Internet might be malicious, you can check the files here.

    Indicate the file to be checked; it will automatically be uploaded from your computer to a dedicated server, where it will be scanned using Kaspersky Anti-Virus. Multiple independent tests and publications acknowledge the solution to have exceptional detection rates. Updates every three hours ensure that even the very newest viruses can be detected.

    Only one file of up to 1 MB can be checked at any one time. If the file is too large, a window with an error message will be displayed. Type the name of the file in the window at the top of this page, or find the file using ‘Browse’. Then click on ‘Submit’.

    If you have several potentially suspicious files, you can check them one after the other, or create an archive file (in zip, arj or similar format) and check that. The archive should not be larger than 1 MB.

  19. Cheap Chrome Rims Says:
    June 24th, 2008 at 9:54

    Great! Now I have to watch out for my USB drive. These virus writers need to find something better to do! LOL!

  20. acne treatment Says:
    July 2nd, 2008 at 14:35

    The new format usb drives use encryption and handshakes as well as user/pass login making it much harder to infect the host system. I know that many of them also use a protected shield and build in virus scan when information is taken from the drive.

  21. rhonda Says:
    July 15th, 2008 at 10:01

    It goes to show that there are viruses everywhere!

  22. Hairloss Treatment Says:
    July 23rd, 2008 at 20:37

    It seems the new ways of infecting come around every year or so. But everyones memories of how they were caught out the last time they were infected lasts less than that! Stick to security basics and at least if you are caught out, it isn’t down to negligence.

  23. Kel Says:
    August 4th, 2008 at 2:57

    What’s annoying about this Windows vulnerability is that users have not been made aware of this and many who don’t use the internet may assume their computer is safe due to no external exposure!

    It is much worse than a boot sector virus as it is executed immediately; and even when autorun is disabled you will still find Explorer executing autorun if the drive is double clicked!!!

  24. Run Your Car With Water - Top Site Design And Add Copy! | 7Wins.eu Says:
    August 5th, 2008 at 9:11

    [...] - making huge savings on their fuel bills. [33] [34] [35] Sites you may be interested in Worms and USB Flash Drives Gang Up. Disable Auto-Run! | Project Afterlight. Articles, News, Updates,…BuzzMachine ? Blog Archive ? Newsroom economics Tags &gt No Tags &lt This product is also listed [...]

  25. Arther Says:
    August 17th, 2008 at 6:51

    Time to scan my usb drives!

  26. Sriki Says:
    August 18th, 2008 at 23:53

    Ya i totally agree with you.I’ll never enable autorun for pendrives.It’s the most famous tool to spread virus.So wanna be careful with them..Any ways thankx for the info..

  27. Mortgage Payment Calculator Says:
    August 22nd, 2008 at 7:09

    Definitely have to check my usb drive as well. Scary stuff!

Leave a Reply