My girlfriend recently bought an mp3 player through eBay. The slim 8GB player, dubbed ”MP3 Player“ by the no-name brand vendor, reminded me of some other well known player – I… I… I just can’t remember the name. But, since it was offered at half the price of an iPod, we though it wasn’t a bad deal and ordered it. Last week it was finally delivered and while checking it out I connected it through USB to my laptop. A moment later my Norton Internet Security informed me that the removable device was infected with Backdoor.Graybird. Using a hidden autorun.inf file the back door tried to infect the PC the player was connected to – if the user was careless enough to open the drive unprotected. ;-) Not that I believed that we would no longer see any Backdoor.Graybirds after the farewell from the authors.
Nor did I believe that everyone would learn from the mistakes other manufacturers suffered in similar cases (see previous Symantec blogs: "Playing on a blog near you." and "Would you like a virus with that?"). I guess we have to face it: more and more USB devices will become infected by malware in the future. Some unintentionally during careless manufacturing, and others deliberately infected by the attackers.
There are just too many ways to prepare USB drives to autorun and infect machines. Some attacks rely heavily on social engineering, such as the method of adding an extra “open with” menu entry as shown in the screenshot here:
If the user doesn’t notice the extra menu entry, he or she will run the malware instead of opening the drive. So, be wary of any unknown USB device that you plug in your machine; in fact, you should always be vigilant with any new device that you use.
No comments:
Post a Comment