Today, removable drives are one of the fastest infection vectors used by malware. Worms use them to replicate quickly: once your removable drive comes into contact with an infected system, the malicious services running on that system infect it automatically. One of the first tasks these services perform is to create an AUTORUN information file on the removable drive for further propagation.
Once you open an infected removable drive on any PC, the AUTORUN file does its job. But how?
The AUTORUN file contains an instruction that immediately runs the infected executable file, which the malicious services copied earlier to some location on the removable drive.
The code within AUTORUN information file looks something like this:
[AUTORUN]
OPEN=recycler/setup.exe
In the above script, recycler is a folder on the removable drive that contains the infected executable file (copied earlier by the malicious services), which the AUTORUN file now uses for propagation.
We can protect our removable drives against these worms by restricting changes to the Autorun.inf file.
Step 1: Create four folders in the root directory of your removable drive named Autorun.inf, Recycle, Recycler and Recycled.
Step 2: Go to Start > Run and type cmd to open Command Prompt.
Step 3: Type the commands below one by one:
attrib autorun.inf /s /d -a +s +r
cacls autorun.inf /c /d administrators
Step 4: Repeat Step 3 for Recycle, Recycler and Recycled.
In the above procedure, the attrib command sets the folder attributes, and cacls sets the folder's permissions to deny access to members of the Administrators group. cacls only takes effect on NTFS-formatted drives, because FAT and FAT32 volumes do not store access control lists.
Once you have completed this task successfully, you won't be able to delete, rename, modify, copy or open these folders, and this also prevents malicious services running on any system from modifying them or copying infected files onto the removable drive.
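A read-only audit of a drive root, as an added example that is not part of the original post: it parses autorun.inf for entries that launch a program and reports which of the four placeholder folders from Step 1 are missing. The function names and the temporary-directory sample are assumptions made for this illustration.

```python
import os
import tempfile
# Folder names the post pre-creates in Step 1.
PLACEHOLDERS = ("Autorun.inf", "Recycle", "Recycler", "Recycled")
def parse_autorun(text):
    """Return {key: value} for the [autorun] section; names are case-insensitive."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def is_launch_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all start a program."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def audit_drive(root):
    """List launch commands in autorun.inf and placeholder folders that are absent."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}  # volume names ignore case
    for wanted in PLACEHOLDERS:
        actual = names.get(wanted.lower())
        if actual is None or not os.path.isdir(os.path.join(root, actual)):
            findings.append(("missing-placeholder", wanted))
    inf = names.get("autorun.inf")
    if inf and os.path.isfile(os.path.join(root, inf)):
        with open(os.path.join(root, inf), encoding="latin-1") as fh:
            entries = parse_autorun(fh.read())
        findings += [("autorun-launch", f"{k}={v}")
                     for k, v in entries.items() if is_launch_key(k)]
    return findings

def demo():
    """Constructed sample: a temp directory standing in for an infected drive root."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "recycler"))
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[AUTORUN]\nOPEN=recycler/setup.exe\n")
        return audit_drive(root)

if __name__ == "__main__":
    print(demo())
```

Point audit_drive at the root of a mounted removable drive; an empty list means autorun.inf is not a file with launch entries and all four placeholder folders are present.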