OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: USB delivered attacks

From: Fred Gravel (mindedsmasherhotmail.com)
Date: Wed Jun 02 2004 - 15:02:14 CDT


And after some search ... autorun is possible on a usb storage device... as
it explained just below ...

http://www.microsoft.com/whdc/device/storage/usbfaq.mspx
Q: What must I do to trigger Autorun on my USB storage device?
If you need to make a USB storage device that executes Autorun, the
following two conditions must both be true:

Media must be marked as removable.

The device can be set to either static or removable.

We associate the "removable" nature of a device with the bus that it resides
on. This means that a disk on an Integrated Device Electronics (IDE) or SCSI
bus would be considered fixed, whereas a disk on a USB or IEEE 1394 bus
would be regarded as removable by default. PnP uses a bit in the
DEVICE_CAPABILITIES structure to determine this. For more information, see
the DEVICE_CAPABILITIES Plug and Play Structure in the Windows DDK, located
at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/hh/kmarch/k112_22r6.asp.

The "removable" nature of media is a property of the device. For example, in
the case of a CD-ROM or a ZIP drive, the medium can be removed without the
device itself going away, but on the other hand the medium and the disk
cannot be separated on static storage PC cards. We obtain this information
by using the StorageDeviceProperty request. For more information, see the
STORAGE_DEVICE_DESCRIPTOR Storage Structure in the Windows DDK, located at
http://msdn.microsoft.com/library/en-us/storage/hh/storage/k306_00qa.asp.

----
Also the autorun could be used in "cooperation" of the desktop.ini file
included in the folder(s) on the usb storage device if needed...

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page FREE
download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/