
Showing posts with label Autorun.inf. Show all posts

Tuesday, August 13, 2013

Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you regularly attend workshops, seminars, product launches and lectures, you must have had plenty of opportunities to pick up freebies in the form of bags, brochures and PEN DRIVES. I am sure the last one is a pure lure, and most of the time every one of us falls for it. Be it small capacity or large, the hand does not think twice before picking it up. But does any one of us realise that these pen drives may become the first source of malware or a virus on your PC or laptop? The moment it is plugged in, the machine is compromised, unless autorun is disabled, which in most cases it is not.


2.  The concept of zero-day exploits makes it more dangerous, because even if the user decides to run an antivirus scan, the drive will be shown as free of any kind of virus or malware. The result is a silent compromise of the machine, however updated it is in respect of OS, browsers or any application; the silent action in the background defies every lock of the user. None of this is based on imagination. There have been real-life cases, of which the one that made a lot of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pen drives were infected by not one, but two pieces of malware. The details are available at this link: http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up, as shown in the screen shot above. Besides this, the famous Stuxnet example was also via the pen drive lure. So if this is happening at such high levels of interaction, can the workshops you and I attend be left behind? No way. So what is the way out? The best way is to buy one from a genuine store (not sure how clean that will be), or, still better, refrain from picking up a free pen drive.




Wednesday, February 17, 2010

How to avoid an infected USB/PEN Drive?

1. The most common way for a virus to infect a healthy PC is through USB/flash drives. Common viruses such as 'Ravmon', 'New Folder.exe', etc. spread through USB/flash drives. Invariably, antivirus programs are unable to detect them, and even if they do, in most cases they are unable to delete the file, only quarantine it. The following are easy, step-by-step instructions:

(a) A window appears similar to the one shown below…


(b) Don't click on 'Ok'; just choose 'Cancel'.

(c) Open the Command Prompt by typing 'cmd' in the run box.

(d) In the command prompt, type the drive letter followed by a colon and press Enter. Now type dir /w/a and press Enter.

(e) This will display a list of the files on the flash drive or hard disk. Check whether any of the following files are there:

(i) Autorun.inf
(ii) Ravmon.exe
(iii) New Folder.exe
(iv) svchost.exe
(v) Heap41a
(vi) or any other .exe which may be suspicious.

(f) If any of the above files are there, then probably the USB drive is infected.

(g) In the command prompt, type attrib -r -a -s -h *.* and press Enter. This will remove the Read Only, Archive, System and Hidden file attributes from all the files.

(h) Now just delete the files using the command del filename, for example del Ravmon.exe. Delete all the files that are suspicious. To be on the safer side, scan the USB drive with an up-to-date antivirus program like McAfee or TrendMicro's PCCillin to check whether it is free of viruses. Now remove the drive and plug it in again. In most cases, the real culprit turns out to be the "Autorun.inf" file, which mostly gets executed when someone clicks Ok in the dialog window mentioned above. That is how the infection invariably spreads, but not if you take the precautions mentioned above.
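The check in steps (d) to (f) can also be scripted so that nothing on the drive is opened in Explorer or run. The following is an added example, not code from the original post: it lists the file names from step (e), any other .exe, hidden or system entries, and the programs that Autorun.inf would launch. The function names, the Autorun.inf keys treated as launch commands, and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Names the post lists as signs of infection (matched case-insensitively).
SUSPECT_NAMES = {"autorun.inf", "ravmon.exe", "new folder.exe", "svchost.exe", "heap41a"}
HIDDEN, SYSTEM = 0x2, 0x4  # Windows file-attribute bits that attrib -h / -s clear
# Constructed sample Autorun.inf, not taken from a real infected drive.
SAMPLE_AUTORUN = "[autorun]\nopen=Ravmon.exe\nshell\\open\\command = Ravmon.exe\nicon=folder.ico\n"


def autorun_targets(text):
    """Return the commands an Autorun.inf body asks Windows to launch."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # open=, shellexecute= and shell\<verb>\command= all name a program to run.
        if sep and value and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value)
    return targets


def scan_drive_root(root):
    """List suspicious entries at the top of a drive; nothing on it is executed."""
    report = {"listed": [], "other_exe": [], "hidden": [], "autorun_targets": []}
    for entry in sorted(os.scandir(root), key=lambda e: e.name.lower()):
        name = entry.name.lower()
        if name in SUSPECT_NAMES:
            report["listed"].append(entry.name)
        elif name.endswith(".exe"):
            report["other_exe"].append(entry.name)
        # st_file_attributes is only present on Windows; elsewhere treat as 0.
        if getattr(entry.stat(), "st_file_attributes", 0) & (HIDDEN | SYSTEM):
            report["hidden"].append(entry.name)
        if name == "autorun.inf" and entry.is_file():
            with open(entry.path, encoding="utf-8", errors="replace") as fh:
                report["autorun_targets"] = autorun_targets(fh.read())
    return report


if __name__ == "__main__":
    # Stand-in for the drive root, built from constructed files.
    with tempfile.TemporaryDirectory() as drive:
        for name, body in {"Autorun.inf": SAMPLE_AUTORUN, "Ravmon.exe": "", "notes.txt": ""}.items():
            with open(os.path.join(drive, name), "w") as fh:
                fh.write(body)
        print(scan_drive_root(drive))
```

On a real drive, pass the drive root (for example the drive letter followed by `:\`) to `scan_drive_root` from a command prompt opened as in step (c).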
