Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 22 Mar 2006 10:38:45 +1200
Pego, Victor wrote:


I need to figure out how to autorun a file on a USB flash pen drive.


My limited understanding of how this works is that either you have to 
change the default configuration of the target machine(s) so they will 
autorun removable drives (that's simply a registry tweak in Windows, 
but may require driver changes in other OSes??) OR you need a USB 
device that "lies" about its device type.


... but there are companies who sell the pen
 drives with autorun software or something, they promote it.  ...


I believe that these devices work through the latter method.  That is, 
although they are "physically" USB pen drives, they tell the USB 
interface that they are CD drives.  As most modern machines autorun CDs 
by default, these devices can carry autorunnable code.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: