While visiting another forum I noticed some rather long-winded or 3rd party utility based suggestions to keep malware from replicating via flash drives. I was then reminded of a very old and lost blog entry I should repost.
Malware can spread to flash drives in several different ways from an infected system, but you really only need to worry that it can leave the flash drive otherwise the presence of malware files on the flash drive is harmless. Malware will try to leave the flash drive to (re)infect a system by automatically executing itself using autorun/autoplay.
While most people seem to think disabling autorun/autoplay on a user’s system is a good option, I don’t like modifying the behavior of end user’s systems if I can help it to avoid later confusing the end user, plus it’s a hassle you don’t need to go through.
Autorun only knows to execute a file (i.e. a special run menu, or *ahem* the malware) via it’s statement in the autorun.inf file in the root directory of your flash drive. Malware will either write, modify, or overwrite this file. So I like to do what I call creating a flash drive condom…
- Delete the autorun.inf file from the root of your flash drive if it exists.
- Create a new folder named autorun.inf (yes you can create a folder with an extension!) By doing so, malware cannot modify or create the autorun.inf file as a folder already exists with the same name. If the malware tries to delete it first, thinking it is a file, it will fail.
Done! Feel free to plug in that flash anywhere you go!