How can a flash drive spread a virus?
How can a virus be spread from a USB flash drive besides the autorun.inf
?
Can boot sector viruses infect thumb drives?
Solution 1:
There must be something that launches the virus, and there's no common way except for autorun.inf
. Bootsector is read only on system boot, not when OS is operational.
That means if autorun.inf
is disabled – you can relax unless no virus/useful-software enables it back again, or you run it manually :)
UPD: Sometimes a bug is found in some data-processing software: image/PDF viewers, video codecs, etc. If the bug allows to execute arbitrary code, a virus can enter your system inside the thumbnails generation process: this happens when a virus is hidden within some file's data in a way so it's executed by the buggy decoder. It's a rare case, however. Just keep your OS/software/libraries up to date and you're more or less secured :)
Solution 2:
Danger! The existing answers make it sound as if disabling autorun.inf
makes it perfectly safe to insert untrusted flash drives. That is false.
First up, once an attacker can run code on your machine, it isn't your machine anymore, and anything could happen. One possibility (if you're running as administrator, or if the virus leverages an elevation-of-privilege vulnerability) is that it rewrites your boot sector.
In the golden age of flash drive viruses, they were indeed mostly spread by rewriting the autorun.inf
of new drives. There's also the possibility, however, of modifying programs or documents on the drive to do bad things. Again, once you run a malicious program, it's effectively game over; it doesn't matter how it started running.
The most treacherous way of hijacking flash drives, however, is to rewrite their firmware. Several models of flash drives support reflashing, and it could be done automatically with a little effort on the part of the virus writer. Changes to the firmware could cause the USB device to enumerate as a keyboard and type things into your computer that result in the execution of bad stuff. (Windows+R, http://dubious.bad/pwn.exe
, Enter anyone?) There are devices on the market specifically designed to allow this, but reflashing can turn good devices bad.
So yes, there are non-autorun.inf
ways for flash drive viruses to ruin your day.