This Windows worm evolved into slinging ransomware. Here's how to detect it Raspberry Robin, a worm that spreads through Windows systems via USB drives, has rapidly evolved: now backdoor access is being sold or offered to infected machines so that ransomware, among other code, can be installed by cybercriminals. In a report on Thursday, Microsoft's Security Threat Intelligence unit said Raspberry …
Like telling people not to pick up random USB memory sticks, not to click on random links and not to let things auto-run?
These are hardly new threat vectors and, aside from the last, not a lot MS can do about them!
(Yes, saw the bit about other ways to get infected, but without any more info on how, there is nothing to say about those)
Well Micros~1 could disable auto-run from USB sticks as the default.
Auto-run only being active for identified USB sticks (e.g. using some hash on the auto-run command) after it was authorized once after acknowledging a security warning would stop a lot of attacks on users not aware of this attack vector.
A trade off between security and convenience - what will win?
We've been telling everyone in earshot to switch off autoplay ever since the blasted "feature" was enabled for floppy drives, some - what, 35 years ago?
But software vendors and customers complained it made it "too hard to install software". Then it was "so much better" that you could also just put a music CD in and have it play.
Then we got USB playing the same tricks, to the delight of all the vendors at commercial shows (boats, cars, drugs - not just computers) with their advertising on "free" memory sticks.
And the *entire* time, autoplay was also being used to install trojans, viruses and rootkits (everyone wave at Sony).
Unless the Users get a damn great kickup the backside, their demand for convenience is going to stay. Sorry, this one I've given up blaming MS for, the Users want it. Blast them.
>Auto-run only being active for identified USB sticks (e.g. using some hash on the auto-run command)
But that would require the USB drive to be scanned in its entirety (including free space) so as to generate a hash which could be used to confirm contents haven't changed since last usage on that specific system.
Obviously, I (or Windows automatically) copy a file onto that USB stick and it will have a new hash...
Apple disabled their equivalent of Auto-Run in 1997-8, when the Auto Start Worm arrived. Apparently some Windows fanboi was butt-hurt by all the Apple ads saying that Power PC CPUs did twice the work per clock cycle than Intel CPUs (which wasn’t quite true, but close enough to annoy some Crapple haters) and created malware which cut PPC speeds by half. It installed using Apple’s Auto Start feature. Apple issued a fix which turned Auto Start off, killing the malware.
Microsoft has turned Auto Run off by default… it took them over a decade to do it, but they did. Some idiots turn it back on. I hate to say it, but this one isn’t Microsoft’s fault. This one is purely local, either PEBCK or, worse, lazy administrators who implemented stupid policies.
I have disabled anything resembling Auto Run on all hardware that I control. Several users have asked me to enable it. I have a form stating that I will do that, if they take responsibility for any malware that gets onto the system and/or network as a result. For some reason nobody signs it. Pity, that.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
