I came across something very disturbing a few minutes ago, and I think the world really needs to know about it. I know you all know that Windows is horribly vulnerable to every PC malady that has ever existed, but here's one that is basically built-in on purpose by Microsoft.
This particular exploit utilizes the built-in autorun.inf 'feature' in all recent versions of Windows to run its payload, whose source code can be seen at QuantumG's site, where I Stumbled Upon it. As soon as you insert a flash drive containing this program, opener.exe, and the 4 lines in autorun.inf, the code finds any other removable drives, copies itself onto them, and hides itself. The actual process goes like this:
1. Open an explorer window for the drive we're running from.
2. Make sure there is only one copy of opener.exe running.
3. Scan the available drives for any that are removable.
4. Check that there is some free space on the drive.
5. Check that the drive doesn't already have an autorun.inf.
6. Dump the following into autorun.inf:

       [autorun]
       shell\eject=Eject
       shell\eject\command=opener.exe
       shell=eject

   This creates a new shell command which I've just randomly named "Eject" and, importantly, makes it the default action.
7. Write a copy of opener.exe to the drive.
8. Mark both autorun.inf and opener.exe as hidden.
9. Do any other removable drives we can find.
10. Wait about a minute.
11. Go back to step 3.
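To check a drive for this trick from the defending side, here is an added example (not from the original post or from QuantumG's code) that parses autorun.inf text and reports the default-verb override described above. It goes slightly beyond the page by also flagging the standard `open=` and `shellexecute=` keys; the function names and rule labels are assumptions made for this example.

```python
# Keys in [autorun] that start a program without the user choosing it.
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """Return a list of (rule, detail) findings for launch-capable entries."""
    entries = parse_autorun(text)
    findings = []
    for key in sorted(LAUNCH_KEYS & entries.keys()):
        findings.append(("auto-launch", f"{key}={entries[key]}"))
    default_verb = entries.get("shell")
    if default_verb:
        command = entries.get(f"shell\\{default_verb.lower()}\\command")
        findings.append(("default-verb-override", f"shell={default_verb}"))
        if command:
            findings.append(("default-verb-command", command))
    # Custom verbs that are not the default still add a context-menu launcher.
    for key, value in sorted(entries.items()):
        if key.startswith("shell\\") and key.endswith("\\command"):
            verb = key.split("\\")[1]
            if not default_verb or verb != default_verb.lower():
                findings.append(("extra-verb-command", f"{verb}: {value}"))
    return findings


# Constructed sample: the four lines listed on this page.
SAMPLE = "[autorun]\nshell\\eject=Eject\nshell\\eject\\command=opener.exe\nshell=eject\n"
# Constructed benign sample: cosmetic keys only.
BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backups\n"

if __name__ == "__main__":
    for rule, detail in audit_autorun(SAMPLE):
        print(f"{rule}: {detail}")
```

Since step 8 hides both files, read autorun.inf by its explicit path on the drive rather than relying on a directory listing that omits hidden files.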
Original site at http://rtfm.insomnia.org/~qg/opener.php
Image courtesy of Francois Thé
