I’ve known this was possible for a while, but I hadn’t looked for nor stumbled upon instructions for putting an autorun file on a USB key and getting it to work. This week, obviously, I found the instructions over at Daily Cup of Tech for making this happen. I can see several good and nefarious uses for this.
The autorun.inf file is the key to getting your USB drive (or CD-ROM drive, for that matter) to perform certain actions automatically and customize it’s look in My Computer. The purpose of this article is to shed some light on how this can be done.
Topics covered are:
- Autorun.inf Structure
- Setting a Custom Icon
- Naming Your USB Drive
- Setting AutoPlay Options
- Adding Context Menu Items
- Changing Default Action
- Viewing a File
- School’s Out, Time To Play!
Unfortunately, the author doesn’t have anchors set at each heading, or I would link you directly to each section. Fortunately, the entire article is brief and pretty easy to follow, so this isn’t a big negative in the article layout.
USB key break-ins are a real security threat, and this kind of tutorial helps you make the security breach even easier if you are in to that kind of thing. Whether you depend on natural curiosity to cause the breach or use something like the above-linked tutorial to get a tool running and stealing what you need from your victim, the USB key is handy. This also means you should be aware that the bad guys are learning (or already know) these things and will use them to attack you some day.
So to end, the next natural question for you, the reader, should be “How do I stop this vulnerability from impacting my system/network/company?” now. Well, there are many places that have the answer. I haven’t found one that I would point out as The best way to do this – this Microsoft technet article has the necessary information if you already know your way around the registry, as does this more concise and clearer article. Other helpful points include this CD-Freaks forum post asking that question, as does this web site that seems to focus on autorun features/bugs/benefits. That last one is probably the clearest, so may be the one I point folks to in the future.
[tags]USB autorun, USB keys, Security, DIY, Daily cup of tech[/tags]