T 4.23 Automatic recognition of removable data media

Many operating systems such as Windows can automatically detect CD-ROMs, DVD-ROMs, and other removable data media and automatically execute applications stored on them. For example, a film is often played directly when a Video DVD is inserted. A removable medium could be manipulated in such a way that malicious software is executed and installed when the medium is inserted or connected.

Automatic recognition under Windows

The Windows Autorun function automatically detects a data medium when it is mounted and attempts to call the programs stored on the data medium. Under Windows, media with films or music are often played automatically by means of the Autoplay function.

To do this, the Windows operating systems evaluate the contents of the AUTORUN.INF file stored in the root directory of the data medium, since it contains the information necessary to start the corresponding programs. Through this file, any program stored on the CD-ROM or DVD-ROM (including those with a damaging function) can be executed automatically.

The Autorun dialogue commonly available in Windows, which lets users select how the contents of the removable data medium should be started, does not offer any protection in this case, since current malicious software will already have executed the operations necessary to infect the computer by the time this dialogue is started.
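A read-only audit of the AUTORUN.INF mechanism described above, as an added example that is not part of the original catalogue text: it lists the programs a medium's AUTORUN.INF asks Windows to start, without executing anything from the medium. `open`, `shellexecute` and `shell\<verb>\command` are the [autorun] entries that name a program; the function names and the sample medium are constructed for illustration.

```python
import tempfile
from pathlib import Path

def find_autorun_file(root):
    """Return AUTORUN.INF from the medium's root directory (name matched case-insensitively)."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return entry
    return None

def decode_inf(raw):
    # AUTORUN.INF may be stored as UTF-16 with a byte-order mark or as an 8-bit text file.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def autorun_commands(root):
    """List (key, command) pairs from the [autorun] section that name a program to start.
    The file is only read; nothing on the medium is executed."""
    inf = find_autorun_file(root)
    if inf is None:
        return []
    found, in_autorun = [], False
    for line in decode_inf(inf.read_bytes()).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()                     # key names are not case-sensitive
            verb_command = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or verb_command:
                found.append((key, value))
    return found

def build_sample_medium(directory):
    """Write a constructed AUTORUN.INF (sample data, not taken from a real medium)."""
    content = ("; constructed sample\r\n[AutoRun]\r\nlabel=Holiday Photos\r\n"
               "OPEN=viewer.exe /quiet\r\nshell\\browse\\command=viewer.exe\r\n"
               "icon=viewer.exe,0\r\n")
    (Path(directory) / "AutoRun.inf").write_bytes(content.encode("utf-16"))
    return directory

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, command in autorun_commands(build_sample_medium(tmp)):
            print(f"{key} -> {command}")
```

Run against the mount point of a medium that was mounted without automatic execution, an empty result means the root directory carries no AUTORUN.INF launch entries.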

Automatic recognition under other operating systems

Unix operating systems such as Linux or Mac OS X also offer functions to automatically mount removable media and to start scripts or applications stored on the medium. Depending on the operating system environment, it is, for example, possible to execute the AUTORUN.INF file known from Windows, supplemented by additional content.

Example: