Infection Via Thumb Drive

Way back in the early 1990s, we had computer viruses. However, the only way to catch a computer virus was to run or copy a program off an infected floppy disk. Back then, viruses were the classic code-insertion style of infection and not the covert software-package style they are today. The way the virus moved was to append binary instruction code to an executable, like in the DOS days when you ran “game.exe” to start a program. When “game.exe” ran, a small amount of embedded virus code would also run; that code would look for other EXE files to infect and also deliver the virus payload, which back then was most likely a “time bomb” to delete files at a later date. Remember “Michelangelo”? http://en.wikipedia.org/wiki/Michelangelo_(computer_virus)

With the rise of the internet in the late 1990s, viruses moved away from EXE infections passed on floppy disks and towards covert installs over the network. At this time viruses also moved from being purely destructive programs into being something with a commercial model behind it. The virus payload stopped being file deletion and started becoming advertising, which is why we call this style of infection “ad-ware”.

The new class of malware also tries to bind to the computer operating system in such a way as to usurp Windows functions and replace them with functions from the virus. This makes it more difficult for anti-malware software to detect and remove it.

In addition, while this is a very old virus trick, we have been seeing more and more “thumb drive” infections.

These infections work by the virus on a system “infecting” a USB thumb drive or SD card when it is inserted into that system. Once the infected USB device is moved to another (clean) computer, the virus uses Windows' own “auto-run” system to infect that computer from the USB device.

The defense to this is either:

  1. Disable Autorun and Autoplay via the registry.
  2. Have a good and updated anti-virus package and have it scan USB devices when connected (slow but effective).
  3. Get a Mac. :)
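As an added example (not code from the original post), here is a PowerShell script that applies option 1 and then reads the values back to confirm they stuck. The registry paths and value names are the standard Windows policy locations for Autorun and AutoPlay, which the post itself does not list; run it from an elevated prompt and sign out or reboot for Explorer to pick up the change.

```powershell
# Added example, not from the original post: disable Autorun/AutoPlay via the
# registry and verify the result. Assumes the standard policy locations below.

$settings = @(
    # NoDriveTypeAutoRun = 0xFF disables Autorun for every drive type
    # (removable, fixed, network, CD-ROM, RAM disk), machine-wide.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Value = 0xFF }
    # NoAutorun = 1 stops Windows (7 and later) from honouring autorun.inf
    # on inserted media, which is the hook the thumb-drive infection relies on.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoAutorun'; Value = 1 }
    # DisableAutoplay = 1 unticks "Use AutoPlay for all media and devices"
    # for the current user, so nothing launches when a device is plugged in.
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
       Name = 'DisableAutoplay'; Value = 1 }
)

function Set-AutorunHardening {
    foreach ($s in $settings) {
        # Create the policy key if it does not exist yet, then write the DWORD.
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
    }
}

function Test-AutorunHardening {
    # Returns $true only when every value is present and set as expected;
    # prints one status line per value so the check is easy to eyeball.
    $ok = $true
    foreach ($s in $settings) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name `
                        -ErrorAction SilentlyContinue).($s.Name)
        $state = if ($current -eq $s.Value) { 'OK' } else { $ok = $false; 'MISSING/WRONG' }
        Write-Host ("{0,-20} current={1,-5} expected={2,-5} [{3}]" -f `
                    $s.Name, $current, $s.Value, $state)
    }
    return $ok
}

Set-AutorunHardening
Test-AutorunHardening
```

Test-AutorunHardening can be run on its own (without Set-AutorunHardening) as a quick audit of a machine you did not configure yourself.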

I guess it just goes to show that what is old is new. Take care when you are asked to plug an unknown thumb drive into a system; you may get more than a Word document from the transfer.
