Alert

Removable Media Security Practices

Last Revised

US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.



US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:

  • Disable autorun in Windows.
  • Maintain up-to-date antivirus software.
  • Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
  • Perform virus scanning of the removable media devices prior to each use.

Information about disabling autorun in Windows, including a fix-it tool, can be found in Microsoft knowledgebase article 967715.

This product is provided subject to this Notification and this Privacy & Use policy.