Categorized | Hardware, Quick Tips

USB Thumb Drives Can Pose a Threat To Your Machine

Have you ever found a USB stick in the lobby of a hotel?  Perhaps there are two or three in a pile or on a display that asks you to “take one”.  Maybe you work at a company and someone has dropped of a pamphlet or flier for a product and left a USB thumb drive behind with “literature” about the product.

Bad guys do this kind of thing all the time.  Security experts will tell you that it is an easy way to get infected with a virus, or have a trojan program spread to your or your company’s network.

This exploit works by utilizing the AutoRun feature that is triggered by inserting a thumb drive in an available USB port (Windows only).  Those drives that have programs on them are told to run via a configuration file that has been placed at the top level of the drive’s file system.OLYMPUS DIGITAL CAMERA

Let’s look at how this might work:

  • The executable program that the bad guys want to have run is placed on the thumb drive (say the file is called “install_bad_software.exe”).
  • A file is created called “Autorun.inf” with a few lines of text indicating which file to run.
  • The USB thumb drives are distributed in various ways – i.e. left at company or hotel lobbies.
  • Once you place the USB thumb drive into your PC, the file is executed and you are well on your way to installing malicious software.

Here is an example of an Autorun.inf file.  They can be quite simple.


Another trick that is used is to direct you to a website that will install a virus or trojan.



You can prevent AutoRun from kicking off any programs by simply holding down the <SHIFT> key while inserting the drive in your computer.

Just beware of those “free”, flashy looking USB drives that you may find lying around. They could be dangerous. Just remember to use the <SHIFT> key when inserting.

Photo by inya.

This post was written by:

- who has written 66 posts on It Does Compute.

Contact the author

3 Responses to “USB Thumb Drives Can Pose a Threat To Your Machine”

  1. I don’t understand why anyone would plug a thumb drive in their computer that they didn’t know where it originated. The inherent danger that comes with just randomly plugging in something that could destroy your local computer and network is amazing.

  2. Dave says:

    Im sure we all know, sometimes people can be amazingly stupid! At least try it in a work pc 1st 😛

  3. “You can prevent AutoRun from kicking off any programs by simply holding down the key while inserting the drive in your computer”
    I always do this way. It works fine and stop viruses.


Related Sites