Though the title makes USB viruses sound very exotic, I have found that they are in fact more common in Africa than elsewhere. Ask yourself: how often have you connected a USB pen drive to a friend’s computer and come back home with a nasty virus inside? I’d gather internet café machines and other shared resources (conference room machines) are good hot spots for these pesky little things, but I have never, not once, had this problem myself! You wouldn’t think an entire continent would suffer any more than everywhere else.
This is, however, the case. Working closely with researchers all over the world, I have yet to see as many USB virus infections as I do on the machines that are working in or coming back from Africa. This applies to countries as varied as Congo and Sierra Leone, through to the "western" regions near South Africa. But then consider this fact: there is no wide-spanning internet access in Africa yet.
;wenta mal ahlak yabnel mekaka lol ma2sodaksh enta ya
zaky yalla kol sana wenta tayebjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj.
action=Open folder to view files
The viruses are as simple as an .exe (usually with a decoy extension in front of the real one, such as .pdf.exe) that an Autorun.inf file links to. See the example above, gathered from the field. The .exe then replicates itself and its backdoors throughout the system and onto any new USB devices connected thereafter. I’d be thankful for any interpretation of the comment, though I’m not sure what language it is.
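A check for the pattern just described, written as an added example (it is not code from this post or from any tool named in it): it parses an Autorun.inf, reports launch entries that point at an executable, flags a document-style extension placed in front of the executable one, and notes an AutoPlay action label that accompanies such an entry. The sample file is constructed, with a hypothetical file name; only the action text is taken from the field example above.

```python
import re

# Constructed sample modelled on the field example; the file name is hypothetical.
SAMPLE = r"""; constructed comment line
[AutoRun]
open=RECYCLER\report.pdf.exe
action=Open folder to view files
shell\open\command=RECYCLER\report.pdf.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

# A file name ending in an executable extension, anywhere in a command value.
EXE_RE = re.compile(r'([^\\/"=\s]+\.(?:exe|scr|com|pif|bat|cmd|vbs))(?=$|[\s"])', re.I)
# A document-looking extension placed in front of the executable one.
DECOY_RE = re.compile(r"\.(?:pdf|docx?|xlsx?|jpe?g|png|txt)\.\w+$", re.I)

def parse_autorun(text):
    """Return {key: value} from the [autorun] section; ';' lines are comments."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return sorted (rule, key, detail) findings for one Autorun.inf."""
    entries, found = parse_autorun(text), set()
    for key, value in entries.items():
        # Keys that make Windows start a program from the drive.
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        match = EXE_RE.search(value) if launches else None
        if not match:
            continue
        name = match.group(1).lower()
        found.add(("launches-executable", key, name))
        if DECOY_RE.search(name):
            found.add(("decoy-extension", key, name))
        if "action" in entries:  # label shown in the AutoPlay dialog
            found.add(("autoplay-lure", "action", entries["action"]))
    return sorted(found)

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(*finding, sep=" | ")
```

Run against the Autorun.inf at the root of a mounted pen drive, an empty result means no launch entry points at an executable; it says nothing about other files on the drive.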
The infection relies on the improper handling of USB mass storage devices on Microsoft Windows, and like every other "feature" it has a name: Auto-run or Autoplay. To properly disable auto-run in Windows XP you must run gpedit.msc and turn off Auto-play for removable drives (this can be applied to CDs and other peripherals as well). This does not work on machines under an AD domain unless specified to do so, making it a real treat for virus writers. There are registry hacks (below, from techrepublic) to turn off Auto-run, but they are less than solid:
- Navigate through the Registry Editor to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- Create a DWORD named NoDriveTypeAutoRun
- Set the value to 000000FF
My point in writing this, however, is more about the realization that the Jurassic Park meme "Life finds a way" also pertains to computer viruses. This kind of virus is no more eloquent than the old 3.5" floppy viruses we had as kids, but that was years ago, way before everyone had internet, when the preferred way of sharing information was the sneakernet. Now, if you could track these simple viruses, which could be a simple crowdsourcing task, you’d see the immense work of a long-living human chain across the African continent, sometimes stretching as far as Oslo, Norway; and you gotta wonder what could be done if they carried something more useful than viruses with them. The USB pendrives are to inter-state Africa what the internet is to our world.
And a warning to the worried: USB viruses will only advance with processes running unscrutinized as Human Interface Devices (irongeek.com), that is, as keyboards, mice and peripherals, as opposed to blockable mass storage devices.