Flash drive/CD autoplay command execution
Added: 04/07/2009
Background
This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it.
This tool can also be used to create a CD-ROM which, when inserted into a Windows computer, creates a command connection.
Resolution
First, install the update for Windows 2000, Windows XP, Windows Server 2003, Windows Vista, or Windows Server 2008.
Second, disable Autorun functionality by editing the Group Policy settings as described in Microsoft article 967715 or by setting the following registry key:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
Value: NoDriveTypeAutoRun
Value Data: 0xff
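
The following PowerShell script is an added example, not part of the original advisory or of the tool it describes. It reads the value named above, reports which drive types still have Autorun enabled, and sets 0xFF when run with the hypothetical `-Remediate` switch; the per-bit drive-type meanings are an assumption taken from Microsoft's documentation of this value and are not listed on this page.

```powershell
# Added example: audit the NoDriveTypeAutoRun policy value from the Resolution above.
# -Remediate is a hypothetical switch name; writing to HKLM needs an elevated prompt.
param([switch]$Remediate)

$KeyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$Required  = 0xFF   # value data given in the advisory

# Bit meanings per Microsoft's documentation of this value (assumption, not on the page).
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'unknown type' },
    @{ Bit = 0x04; Name = 'removable (USB flash)' },
    @{ Bit = 0x08; Name = 'fixed' },
    @{ Bit = 0x10; Name = 'network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'unknown type (reserved)' }
)

function Get-AutorunEnabledTypes([int]$Mask) {
    # A cleared bit means Autorun is still allowed for that drive type.
    $DriveTypeBits | Where-Object { ($Mask -band $_.Bit) -eq 0 } |
        ForEach-Object { $_.Name }
}

# Read the current value; both the key and the value may be absent.
$prop    = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
$current = if ($prop) { [int]$prop.$ValueName } else { $null }
$ok      = ($null -ne $current) -and (($current -band $Required) -eq $Required)

if ($null -eq $current) {
    Write-Output "$ValueName is not set under $KeyPath; the OS default applies."
} elseif ($ok) {
    Write-Output ('{0} = 0x{1:X2}: Autorun disabled for all drive types.' -f $ValueName, $current)
} else {
    $open = (Get-AutorunEnabledTypes $current) -join ', '
    Write-Output ('{0} = 0x{1:X2}: Autorun still enabled for: {2}' -f $ValueName, $current, $open)
}

if ($Remediate -and -not $ok) {
    # Create the policy key if needed, then write the DWORD (overwrites any old value).
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Required `
        -PropertyType DWord -Force | Out-Null
    Write-Output ('{0} set to 0x{1:X2}.' -f $ValueName, $Required)
}
```

The registry value is the second step of the resolution; the update named in the first step still has to be installed.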
References
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
Limitations
This tool requires a user to insert the flash drive and click on the program in the AutoPlay dialog in order to succeed.
The target field must be a licensed target but is unused.
Platforms
Windows
