How To Maximize The Malware Protection Of Your Removable Drives

[Peaches]

Sep22 2009

How to Maximize the Malware Protection of Your Removable Drives

by Christian Potencia (Threat Response Engineer)

img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; } Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users.

Users need to perform some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms using the Autorun feature.

One popular way of protecting removable drives is by creating a folder or file and renaming it as AUTORUN.INF. It could enable the malware to automatically run on the system even without the users executing it. By creating this file beforehand, ideally, worms would not be able to run in this way.

However, this method is not perfect. Worms can delete the existing AUTORUN.INF file or folder, and then replace it with a malicious version. This would negate any protection placed by the user on the said file. However, by using file permissions to restrict changes, the AUTORUN.INF file can be protected more effectively.

More detail & screenshots - Trendmicro - http://blog.trendmicro.com/