AutoRun feature on USB devices are often the cause of multiplying malware   Leave a comment

Research has found that one out of every eight attacks on computers enters via a USB device.

The AutoRun feature in Microsoft Windows operating systems has been named as the key attack point. Jan Sirmer, analyst at the Avast Virus Lab, said that while AutoRun is a really useful tool it is also a way to spread more than two-thirds of current malware.

He said: “The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, which were also spread via infected memory sticks. Cyber criminals are taking advantage of people’s natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario.”

Avast, who conducted the research, said that when a USB device starts an executable file it then invites a wide array of malware into the computer. The incoming malware copies itself into the core of the Windows OS and can replicate itself each time the computer is started. The generic detection term for this type of worm is ‘INF:AutoRun-gen2 [Wrm]’ and out of the total AutoRun-gen2 attacks, 84 per cent were repelled by its System Shield software.

Sirmer said: “In a work environment, staff will often bring in their own USB memory sticks to move files around. This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines’ anti-virus software.

“Detecting AutoRun-gen2 is complicated by the growing memory of USB devices and more complex obfuscation techniques. A full scan can take up to an hour for a one terabyte device, so people will skip this entirely or just go for a quicker on-access scan.

“This danger is poised to increase with the introduction of the new USB 3.0 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways of how to obfuscate their work. Once I found ‘y0u c4nt st0p us’ in the middle of some code’, they know they are in the lead.”

http://www.scmagazineuk.com/autorun-feature-on-usb-devices-are-often-the-cause-of-multiplying-malware/article/190099/?DCMP=EMC-SCUK_Newswire

Advertisements

Posted November 10, 2010 by axxerainc in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: