I went to a company for a friend yesterday as he was away and they had an issue with internet connectivity.
It’s a fairly big business and a complicated network setup, so I took my time, figured out the problem and got it resolved.
Whilst I was there, one of the managers asked if I could have a quick look at an issue with a digital camera. The problem was that although there were pictures on the camera, several of the PCs were unable to view them.
The first thing I did was plug the digital camera into my laptop, which then flashed up, very briefly, the AutoPlay box. This then disappeared and, as with the other computers, I was unable to view the files.
I pretty much knew instantly that it was malicious, but before I knew it my laptop was infected: no access to the registry, Task Manager or Folder Options.
I’ve cleaned it up without too much fuss, but it just goes to show that you can never be too careful when it comes to plugging in removable media.
The most frightening thing about this is that the antivirus system on the corporate network and on my laptop didn’t detect or prevent the spread of this. It has to be said that I will be looking for a new antivirus.
One of the things that I do to help with that issue is I have set up a VMware VM with Linux loaded on it. The reason I use VMware is because it detaches the USB drive from the base operating system and attaches it to the virtual machine. This makes it so that the USB stick or flash card does not actually make contact with the host OS, only the virtual machine’s OS. In all of the cases so far, I have been able to remove malicious files without issue. Take care.