Webroot - Malicious autorun scripts on USBs
-
Now reinstalling Windows....fun
-
Avast blocks the thing, just tested it.
-
Sounds like a good candidate for our non-profit security test center!
-
So the malware was called by an autorun.inf, or you clicked on something on the pen drive?
-
Triggered before I touched any files.
FYI Webroot replied to my ticket within 15 minutes requesting a time when one of their engineers could contact me. Fast reply.
@Reid-Cooper said in Webroot - Malicious autorun scripts on USBs:
Sounds like a good candidate for our non-profit security test center!
No one would donate or fund it. It's not sexy enough to get donations.
-
@Breffni-Potter said in Webroot - Malicious autorun scripts on USBs:
Triggered before I touched any files.
FYI Webroot replied to my ticket within 15 minutes requesting a time when one of their engineers could contact me. Fast reply.
@Reid-Cooper said in Webroot - Malicious autorun scripts on USBs:
Sounds like a good candidate for our non-profit security test center!
No one would donate or fund it. It's not sexy enough to get donations.
If I had the time to do it, I would definitely do it. Time is in short supply these days.
-
@Breffni-Potter said in Webroot - Malicious autorun scripts on USBs:
Triggered before I touched any files.
Perhaps showing my ignorance here, but is autorun still a thing? I somehow thought it was disabled in Windows since about XP?
-
@Carnival-Boy said in Webroot - Malicious autorun scripts on USBs:
@Breffni-Potter said in Webroot - Malicious autorun scripts on USBs:
Triggered before I touched any files.
Perhaps showing my ignorance here, but is autorun still a thing? I somehow thought it was disabled in Windows since about XP?
LOL, sadly, still a thing.
-
@Carnival-Boy Nope. Still present in every version of Windows since XP. In 7 it asked what action you would like to take for removable media, and a default was often to open file explorer.
In Windows 10, it is still alive and kicking but I thought I had it disabled.
-
Opening file explorer is ok though, isn't it? It's executing autorun.inf that's the problem.
-
From Wikipedia:
"Autorun.inf has been used to execute a malicious program automatically, without the user knowing. This functionality was removed in Windows 7 and a patch for Windows XP and Vista was released on August 25, 2009 and included in Microsoft Automatic Updates on February 8, 2011"
What am I missing here?
-
@Carnival-Boy said in Webroot - Malicious autorun scripts on USBs:
From Wikipedia:
"Autorun.inf has been used to execute a malicious program automatically, without the user knowing. This functionality was removed in Windows 7 and a patch for Windows XP and Vista was released on August 25, 2009 and included in Microsoft Automatic Updates on February 8, 2011"
What am I missing here?
It is still there, but not by default anymore. Even Windows 10 lets you choose to allow autorun but on a per media basis.
-
@Carnival-Boy said in Webroot - Malicious autorun scripts on USBs:
From Wikipedia:
"Autorun.inf has been used to execute a malicious program automatically, without the user knowing. This functionality was removed in Windows 7 and a patch for Windows XP and Vista was released on August 25, 2009 and included in Microsoft Automatic Updates on February 8, 2011"
What am I missing here?
This was the default functionality. Whenever you inserted a USB or CD it would search for the autorun.inf file and do whatever it said. Now it asks if you want to run it or do something else.
-
@coliver said in Webroot - Malicious autorun scripts on USBs:
Now it asks if you want to run it or do something else.
Exactly. That's my point. It doesn't autorun, it asks you what you want to do.
-
@Carnival-Boy said in Webroot - Malicious autorun scripts on USBs:
@coliver said in Webroot - Malicious autorun scripts on USBs:
Now it asks if you want to run it or do something else.
Exactly. That's my point. It doesn't autorun, it asks you what you want to do.
It does not automatically launch the autorun.inf, true. But to say the functionality is removed is incorrect. autorun.inf is still perfectly valid and lots of stupid people still click through.
-
And a lot of people set it to "always do" something bad, then it doesn't ask again.
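-
Added example, not part of the thread: since autorun.inf is still a valid file that Windows can offer to act on, a triage script can list what a drive's autorun.inf would launch before anyone clicks through a prompt. The function names and the sample file are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the autorun.inf keys that name a program to run.

```python
import os

# Constructed sample of an autorun.inf as it might sit in a drive root.
SAMPLE = """\
; constructed sample
[AutoRun]
label=Backup
icon=folder.ico
Open=tools\\setup.exe /quiet
shell\\explore\\command=tools\\setup.exe
not a key value line
[Other]
open=ignored.exe
"""

def launch_entries(text):
    """Return (key, command) pairs in [autorun] that name a program to run."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and lines that are not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            found.append((key, value))
    return found

def decode(data):
    """autorun.inf may be ANSI or UTF-16 with a BOM; decode either without failing."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def scan_root(root):
    """Return launch entries from autorun.inf in a drive root (any letter case)."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return launch_entries(decode(fh.read()))
    return []
```

Run `scan_root` against the mounted drive's root from a machine where AutoPlay is off; an empty list means no launch entries were found, not that the drive is clean.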