Thumb drive, jump drive, pen drive, flash drive, USB stick, USB drive (I prefer flash drive), whatever you want to call them, we love them; those handy little keychain-mountable storage devices that you plug into your computer’s USB port that have all but replaced those stacks of floppy disks that used to clutter up your desk. Beware, though; flash drives are not without their security risks.
Beginning in late October and early November of 2008, reports began popping up everywhere about new waves of virus infections that specifically targeted flash drives. Computer viruses were spreading through business and government offices like wildfire. Almost half of the Japanese universities surveyed by the popular newspaper Yomiuri Shimbun reported that their computers had been infected with viruses due to the use of flash drives. The newspaper stated, “The widespread use of USB thumb drives by students using shared computers on campuses has made universities a hotbed for virus infection…” The U.S. Computer Emergency Readiness Team, a division of Homeland Security, activated the National Cyber Alert System, advising people to use flash drives with caution.
The U.S. Department of Defense even went so far as to completely ban the use of flash drives and other types of removable storage devices such as cameras, external hard drives and certain types of printers. This drastic measure came after Army networks were infiltrated with a virus known as “Agent.bzt.” The virus was custom designed to infect flash drives and other removable storage devices, and then infect the computers to which they might be attached. Some corporations reported that thousands of infected computers had to be taken offline because antivirus companies had not yet come up with a fix.
What makes viruses carried by flash drives so successful are some sneaky little Windows “features” called Autorun and Autoplay. Apple Macintosh computers have similar functions. You know how when you insert a CD, DVD or flash drive, they automatically start playing, or a window pops up asking what you want to do? That’s Autorun and Autoplay at work. Autorun is tied to a file called autorun.inf, and when Windows detects this file it automatically starts running installers and other programs. The flash drive-carried viruses have an autorun.inf file that instantly runs when the flash drive is plugged in, installing the virus and the computer user is totally unaware that anything has happened. That is, until the virus delivers its payload and the computer starts acting all wonky.
The easiest way to protect against such attacks is to never plug your flash drive into any computer but your own, and to never plug anyone else’s flash drive into your computer. Many people will never observe such rules, though, as that sort of takes the fun out of having a flash drive in the first place. As such, the next best protection is to disable the Autorun/Autoplay feature.
The easiest way for most people to disable Autorun/Autoplay is to download a nifty little program from Microsoft called TweakUI. In addition to providing an easy way to “tweak” many different Windows settings, TweakUI also provides an easy way to disable Autorun/Autoplay, thus enhancing the security of your computer. Companies that require high-security environments have known about disabling these features for years; it’s only recently that following such “best practices” rules has become important for ordinary computer users.
To download TweakUI, go to microsoft.com and search for “powertoys.” Pick the version for your operating system. Scroll down the page and you’ll find TweakUI in the list on the right side. Download the TweakUI file to your hard drive and double-click the downloaded file to install the program.
Once TweakUI is installed, run the program and expand (click on the “+” symbol) the My Computer folder. Next, expand Autoplay and select Types. Uncheck “Enable Autoplay” for the drives you wish to protect, save your changes, restart the computer and you’re done. Now, when you plug in a USB drive, you’ll be able to scan the drive for viruses before anything else happens, or you can manually view the contents of the drive from My Computer and remove any undesirable files that may have crept in.
While researching this article, Google thoughtfully provided a few links for me to websites that describe how to deal with thumb infections, i.e., I-cut-my-thumb-and-it-got-infected type thumb infections; hence, the insanely clever title of this article.