AutoPlay - Fun and social engineering

This is something that Microsoft needs to fix in Windows 7.

This is something that Microsoft needs to fix in Windows 7.

Downadup's autorun.inf file uses an action keyword and icon extracted from shell32.dll to produce the following:

windows_vista_open_folder_to_view_files.png

The category is "Install or run program" but the text and icon are for "Open folder to view files".

The first option will run Downadup, not good. The second "general" option is the choice that will safely open the USB drive.

Being curious, we tried this autorun.inf with Windows 7:

windows_7_open_folder_to_view_files.png

And the results for Windows 7 were the same as Vista's.

It really shouldn't be that easy to game the AutoPlay feature. Microsoft needs to fix this.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All