Well, I don't have a USB storage dive handy at the moment, but I grabbed the closest CD I knew had an autorun.inf, the second I open the drive in Explorer, the open=setup.exe line excutes and I have setup.exe executing. Does seem to hard to get it to run without user knowledge.
> -----Original Message----- > From: Harlan Carvey [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 15, 2006 4:17 PM > To: Greg Merideth; George Njoku > Cc: Focus Microsoft > Subject: Re: Controlling specific USB devices on Windows XP > > > > Given the recent social engineering test with USB devices > left around > > a credit-unions lobby I would disagree. > > That "test" is suspect, as it doesn't provide nearly enough > information. By default, Windows does not parse the "load=" > or "run=" lines of an autorun.inf file from removeable media. > So, the question is, what about the "test" got the users to > run the Trojan on the USB devices? > > > > ------------------------------------------ > Harlan Carvey, CISSP > "Windows Forensics and Incident Recovery" > http://www.windows-ir.com > http://windowsir.blogspot.com > ------------------------------------------ > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
