How can a flash drive spread a virus?

How can a virus be spread from a USB flash drive besides the autorun.inf?

Can boot sector viruses infect thumb drives?


Solution 1:

There must be something that launches the virus, and there's no common way except for autorun.inf. The boot sector is read only on system boot, not when the OS is operational.

That means if autorun.inf is disabled, you can relax, unless a virus/useful software enables it again or you run it manually :)


UPD: Sometimes a bug is found in some data-processing software: image/PDF viewers, video codecs, etc. If the bug allows arbitrary code execution, a virus can enter your system inside the thumbnail generation process: this happens when a virus is hidden within some file's data in such a way that it's executed by the buggy decoder. It's a rare case, however. Just keep your OS/software/libraries up to date and you're more or less secure :)

Solution 2:

Danger! The existing answers make it sound as if disabling autorun.inf makes it perfectly safe to insert untrusted flash drives. That is false.

First up, once an attacker can run code on your machine, it isn't your machine anymore, and anything could happen. One possibility (if you're running as administrator, or if the virus leverages an elevation-of-privilege vulnerability) is that it rewrites your boot sector.

In the golden age of flash drive viruses, they were indeed mostly spread by rewriting the autorun.inf of new drives. There's also the possibility, however, of modifying programs or documents on the drive to do bad things. Again, once you run a malicious program, it's effectively game over; it doesn't matter how it started running.

The most treacherous way of hijacking flash drives, however, is to rewrite their firmware. Several models of flash drives support reflashing, and it could be done automatically with a little effort on the part of the virus writer. Changes to the firmware could cause the USB device to enumerate as a keyboard and type things into your computer that result in the execution of bad stuff. (Windows+R, http://dubious.bad/pwn.exe, Enter anyone?) There are devices on the market specifically designed to allow this, but reflashing can turn good devices bad.

So yes, there are non-autorun.inf ways for flash drive viruses to ruin your day.
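The firmware case above, where a storage device also enumerates as a keyboard, can be checked on a Linux host by reading USB interface classes from sysfs. This is an added example, not part of the original answer; the function names and the sample device tree are constructed for illustration, and the check is a heuristic that assumes the standard `/sys/bus/usb/devices` layout.

```python
import os
import tempfile
from collections import defaultdict

HID, MASS_STORAGE = 0x03, 0x08   # USB-IF interface class codes

def interface_classes(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the set of interface classes it exposes."""
    classes = defaultdict(set)
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:          # interface entries look like '1-2:1.0'
            continue
        path = os.path.join(sysfs_root, entry, "bInterfaceClass")
        try:
            with open(path) as fh:
                # sysfs stores the class as two hex digits, e.g. "08"
                classes[entry.split(":")[0]].add(int(fh.read().strip(), 16))
        except (OSError, ValueError):
            continue                  # unreadable or malformed entry: skip it
    return dict(classes)

def storage_with_hid(sysfs_root="/sys/bus/usb/devices"):
    """Return devices that present both a mass-storage and a HID interface."""
    return sorted(dev for dev, cls in interface_classes(sysfs_root).items()
                  if HID in cls and MASS_STORAGE in cls)

def build_sample_tree(root):
    """Constructed sample data: a plain drive, a keyboard, and a drive+HID composite."""
    sample = {"1-1:1.0": "08", "1-2:1.0": "03", "1-3:1.0": "08", "1-3:1.1": "03"}
    for name, cls in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")

if __name__ == "__main__":
    # Runs against the constructed tree so the example works offline;
    # call storage_with_hid() with no argument to inspect the real host.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(storage_with_hid(tmp))
```

A device that enumerates only as a keyboard exposes no mass-storage interface and is not flagged, so this covers the composite case only.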