Re: Safeguard Your PC Against the Downadup Worm

From: "jen" <jen@xxxxxxxxxxx>
Date: Sat, 24 Jan 2009 15:11:56 -0500

"Ablang" <ron916@xxxxxxxxx> wrote in message
news:54c79a4d-9c66-43f5-8df7-070cfa410d94@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[snip]

And the worm can spread from flash drives, too? Yes.

From the moment Downadup infects a PC, it copies a file, named
"autorun.inf" to the root of any USB storage devices, typically flash
drives, that are connected to the compromised computer. That filename
takes advantage of Windows' Autorun and Autoplay features to copy the
worm to any machine that the flash drive, camera or other USB device
is plugged into. Downadup will infect that PC when the drive or device
is connected, or when the user double-clicks the device's icon within
Windows Explorer or from the desktop.

Security experts have recommended that users disable both Autorun and
Autoplay in Windows.

A December blog post by Symantec researcher Ben Nahorney spells out
how to disable Autoplay, while a separate post on the Hackology blog
outlines how to turn off Autorun by editing the registry.

[snip]

Important to mention here...
US-CERT alert on autorun:
Microsoft Windows Does Not Disable AutoRun Properly
Update:
Microsoft has provided support document KB953252, which describes how to
correct the problem of NoDriveTypeAutoRun registry value enforcement.
After the update is installed, Windows will obey the NoDriveTypeAutorun
registry value. Note that this fix has been released via Microsoft
Update to Windows Vista and Server 2008 systems as part of the MS08-038
Security Bulletin. Windows 2000, XP, and Server 2003 users must install
the update manually. Our testing has shown that installing this update
and setting the NoDriveTypeAutoRun registry value to 0xFF will disable
AutoRun as well as the workaround described above.
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

-jen

.

References:
- Safeguard Your PC Against the Downadup Worm
  - From: Ablang

Prev by Date: Re: Computer keeps re booting
Next by Date: Re: Safeguard Your PC Against the Downadup Worm
Previous by thread: Re: Safeguard Your PC Against the Downadup Worm
Next by thread: Sad story follow-up
Index(es):
- Date
- Thread

Relevant Pages

Re: Naming removable drives
... Just put the file in the root directory of the drive (along with the icon file if used) and next time you plug it in it should show the desired name and icon. ... I just noticed I'm in a win2000 group, I have not checked to see if this works in Windows 2000, but it does on XP and later. ... I think that it works on Windows 2000 also but the problem with using autorun files on removable media is that this has become a well known method for spreading virus and malware, kids in schools and campuses are often unwitting victims of this practice. ... For these reasons many users have disabled the autorun feature on almost all their drives. ...
(microsoft.public.win2000.general)
Re: xp home sp 2 wont take no for an answer
... * If you hold down the Shift key when inserting the CD, the autorun is bypassed. ... * Obtain and install TweakUI (part of the PowerToys for Windows XP package), ... Expand the My Computer branch, then the AutoPlay branch, and then select Drives. ...
(microsoft.public.windowsxp.general)
Re: Naming removable drives
... I use an autorun.inf file to give a name and a custom icon to my removable drives. ... I just noticed I'm in a win2000 group, I have not checked to see if this works in Windows 2000, but it does on XP and later. ... I think that it works on Windows 2000 also but the problem with using autorun files on removable media is that this has become a well known method for spreading virus and malware, kids in schools and campuses are often unwitting victims of this practice. ... For these reasons many users have disabled the autorun feature on almost all their drives. ...
(microsoft.public.win2000.general)
Re: Naming removable drives
... I use an autorun.inf file to give a name and a custom icon to my ... this works in Windows 2000, but it does on XP and later. ... using autorun files on removable media is that this has become a ... feature on almost all their drives. ...
(microsoft.public.win2000.general)
Re: xp home sp 2 wont take no for an answer
... * If you hold down the Shift key when inserting the CD, the autorun is bypassed. ... * Obtain and install TweakUI (part of the PowerToys for Windows XP package), ... Expand the My Computer branch, then the AutoPlay branch, and then select Drives. ...
(microsoft.public.windowsxp.general)