How to prevent Trojan spread from USB Flash to your computer
Today I received an email notifying me of a new undetected Trojan spreading through
Trojans that spread this way usually take advantage of insecure behavior in Windows (Vista excluded due to UAC). In Windows, when you plug in your USB flash drive, the host computer looks for commands in Autorun.inf to execute automatically. Under normal circumstances those commands are harmless, but if the file has been modified, it can automatically launch a Trojan or any other program on your USB flash drive. Why is Microsoft so stupid as to allow this obvious hole on more than 90% of the computers on Earth? The answer is pretty easy: most of us want a user-friendly OS, right? We sacrifice security for friendliness. If you agree with this statement, you should ditch Windows NOW, head for Linux and stop reading this.
OK, you are still reading: either you're so fucking in love with Windows or this writing is so good. Let me give an example of a detected Trojan called Win32.ShipUp. The Trojan body is infrom.exe, and it needs Autorun.inf to spread. These are the settings found in the Autorun.inf of a USB flash drive infected with Win32.ShipUp:
open=infrom.exe
shellexecute=infrom.exe
shell\Auto\command=infrom.exe
shell=auto
Every time you plug this USB flash drive into a clean system, Windows detects the drive, looks for Autorun.inf and executes infrom.exe. The Trojan edits the host registry so that it reloads every time the computer starts. A new Trojan host is established. Infrom.exe stays in the host's memory waiting for a new clean USB drive. When a clean USB flash drive is inserted, the Trojan in memory copies itself (infrom.exe) and a modified Autorun.inf to the clean drive. This vicious cycle continues until the Trojan is detected or someone breaks it. Hoping for antivirus to play catch-up with all the viruses in the wild is useless. Read my previous writing here.
There are two methods to break this vicious cycle: the first is to prevent an infected host from spreading the Trojan to a clean USB flash drive, and the second is to prevent a clean system from executing any command in Autorun.inf. If you prefer the former, read here. The second method is the easiest. Whenever you plug in any USB flash drive, hold down the SHIFT key. This prevents Windows from executing the commands in Autorun.inf. When you want to explore the drive, right-click it and choose Explore.
Hope you enjoy the above tip. Enjoy!
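To see what an Autorun.inf would launch before letting Windows act on it, the file can be read as plain text. The following is an added example, not part of the original post: a small Python parser that lists the entries that start a program. The function names, the list of runnable extensions and the harmless sample are assumptions made for illustration; the first sample is the four lines quoted above.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RUNNABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)$", re.I)  # assumed list
FIRST_TOKEN = re.compile(r'^(?:"([^"]+)"|(\S+))')

# The four lines quoted in the article (the excerpt has no section header).
ARTICLE_SAMPLE = "open=infrom.exe\nshellexecute=infrom.exe\n" \
                 "shell\\Auto\\command=infrom.exe\nshell=auto\n"
# Constructed harmless file: only cosmetic keys, nothing is launched.
BENIGN_SAMPLE = "[autorun]\n; constructed example\nicon=drive.ico\nlabel=Backup\n"

def launch_entries(text):
    """Return (key, command) pairs that would start a program."""
    entries, section = [], "autorun"   # tolerate excerpts without a header
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "autorun" and sep and LAUNCH_KEY.match(key.strip()):
            if value.strip():
                entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious_entries(text):
    """Launch entries whose program (first token) is an executable or script."""
    hits = []
    for key, command in launch_entries(text):
        match = FIRST_TOKEN.match(command)
        program = match.group(1) or match.group(2)
        if RUNNABLE.search(program):
            hits.append((key, program))
    return hits

def check_drive(root):
    """Inspect the drive's autorun.inf as text only; [] if there is none."""
    for path in Path(root).iterdir():
        if path.name.lower() == "autorun.inf" and path.is_file():
            text = path.read_text(encoding="utf-8-sig", errors="replace")
            return suspicious_entries(text)
    return []

if __name__ == "__main__":
    for key, program in suspicious_entries(ARTICLE_SAMPLE):
        print(f"autorun.inf would launch {program!r} via {key}")
```

Note that `shell=auto` is not reported on its own: it only selects the default verb, and the command that verb runs is already covered by the `shell\Auto\command` entry.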
Ahhh… the wonders of MS Windows
But are you sure it’s undetected by Anti Virus software?
I’m pretty sure any decent AV software will detect and remove the trojan.
Yup, not detected by any antivirus solution. This trojan evolved from ravmon.exe, the code of which is widely available. Anybody can alter the code so that the evolved trojan won't be detected. As long as the trojan is not widely spread, antivirus companies won't notice.
Hey,
I’ve faced this problem too!
Great article, will keep it in mind
wahhh… azmeen also here, eh? I wonder how he got here??? Hmmm…. Kucau also in Azmeen blog, hmmm, interesting… i wonder how eh?
Anyway, great info here. I would go into Linux if that Az guy helps me to convert. I love GUI. If that’s available in Linux and someone helps me to convert, I will. Great info again here, kucau.
papajoneh, try Ubuntu. You can get it at https://shipit.ubuntu.com/login . Register, ask them to send a few free CDs. Yes, FOC Ubuntu CDs delivered to your home. Set your computer to boot up from CD, put in the Ubuntu CD, restart and that's it. You can try it without even installing.
[...] PC from acting as reservoir to spread virus/Trojan via USB Drive. When this technique applied with SHIFT key hold down technique, no virus will be able to spread via USB drive. (Unless the virus reverses whatever registry change [...]
I had some weird shit go on. I plug my flash drive into a lot of different computers (XP, Vista, Mac). I don't know which computer put this autorun.inf file on my drive, but once I plugged it into my friend's Vista laptop with Trend Micro Internet Security 08 installed, it popped up saying trojan horse detected autorun.inf on drive E, which was my flash drive. So after seeing that I'm like wtf, then I looked it up and found this article. Taught me something. So does this mean that AV companies have caught up?
Well… our school detected the virus. One of the school’s computers is infected by a virus. The virus appears to be infrom.exe and autorun.inf. Once when the USB flash drive was plugged in, McAfee Enterprise Edition automatically scanned the virus. It actually has the same exact name as the virus. So I think the school’s anti-virus sucks LOL! They need to get a better one. Anyways… the name is Win32.ShipUp as detected by McAfee. They use a school proxy, which appears the school’s filter is not communicating with the file, but it does the same exact cycle as described in this article. I deleted the virus by using McAfee. I deleted it like nothing. I’m a 3-year experienced computer technician. I’m 15 years old, and I still got a way to delete that virus. I have had my computer for 5 and a half years. The best way to delete the virus is by using avast! anti-virus’ “scan-before logging in to windows” technology. Even my computer could delete that virus like nothing! Insert an infected USB drive, it will delete the virus automatically! It even deleted a virus from my friend’s iPod when he connected to my computer for the first time [:
Check out this link for more info. It gives prevention methods too.
http://13r4v0.blogspot.com