CN101178762A - Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof - Google Patents

Publication number: CN101178762A
Authority: CN (China)
Prior art keywords: storage device, movable storage, file, virus, inhibition
Legal status: Pending
Application number: CNA2007101250911A
Other languages: Chinese (zh)
Inventor: 唐璐峤
Current Assignee: Individual
Original Assignee: Individual
Priority date: 2007-12-18
Filing date: 2007-12-18
Publication date: 2008-05-14
Application filed by: Individual

Abstract

The invention discloses a method for inhibiting the spread of viruses through a removable storage device, comprising the following steps: a dedicated storage space is provided on the removable storage device, and a file that is named Autorun.inf and cannot be modified or deleted is placed in the dedicated storage space. The invention effectively inhibits viruses that spread through removable storage devices, so that the removable storage device is not affected by USB flash disk viruses; it requires no specialized anti-virus tool and is easy to implement.

Description

Method for inhibiting the spread of viruses through a removable storage device, and removable storage device
Technical field
The present invention relates to computer security technology, and in particular to a method for inhibiting the spread of viruses through removable storage devices, and to a removable storage device.
Background technology
With the popularization of removable storage devices such as USB flash drives, portable hard drives and memory cards, the use of removable storage devices to spread viruses has also become rampant. Recently, the national computer virus processing center announced that removable storage devices such as USB flash drives have become a main channel for the spread of viruses and malicious Trojan horse programs.
The above method of spreading viruses through removable storage devices such as USB flash drives is generally called a USB flash disk virus, also known as an Autorun virus. There are many kinds of USB flash disk virus, but what they have in common is that current USB flash disk viruses all invade and spread through the Autorun.inf file. The Autorun.inf file is a CD autorun (information) file that can be opened with Notepad; with only simple editing, it will automatically run the executable file it points to. The Autorun.inf file itself is a normal file, but this function is exploited by virus files and is widely used to spread various viruses, as illustrated below:
Suppose a removable storage device is infected with a certain USB flash disk virus whose virus file is named abc.exe. The removable storage device must then contain the files Autorun.inf and abc.exe with the hidden attribute. Opening the Autorun.inf file with Notepad shows the following code:
[Autorun]
open=abc.exe
shell\open=Open(&O)
shell\open\command=abc.exe
shell\open\default=1
shell\explore=Explorer(&X)
shell\explore\command=abc.exe
The effect of the above code is that whether the removable storage device is opened from the right-click menu, its contents are viewed with Explorer, or it is opened through a related shortcut, the result is always that the abc.exe virus file runs automatically. Once abc.exe runs, it first copies the Autorun.inf and abc.exe files into the root directory of every drive, so that opening any drive of the computer runs the virus program again, and each time the virus program runs it copies the Autorun.inf file and its own abc.exe file again, and so on in a cycle.
Conversely, if a computer is infected with the USB flash disk virus abc.exe, its root directory must contain the files Autorun.inf and abc.exe with the hidden attribute. If a clean removable storage device is then connected to this computer, then as soon as a local disk is opened by double-click, opened from the right-click menu, or viewed in Explorer, the computer copies Autorun.inf and abc.exe to the removable storage device. When the removable storage device carrying Autorun.inf and abc.exe is connected to other computers, the two files are likewise copied automatically into the root directory of each drive.
As described above, the USB flash disk virus spreads continuously by means of the Autorun.inf file: from a computer to a removable storage device, from the removable storage device to another computer, and from that computer to yet another removable storage device.
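For a defender, the launch directives in the listing above are the thing to look for in the root of a removable drive. The following Python code is an added example, not part of the patent: it parses an Autorun.inf and reports every directive that would start a program. The function names, severity labels and extension list are assumptions, and both sample inputs are constructed.

```python
import re

# Keys in the [autorun] section that make the shell launch a program.
# "open" and "shell\<verb>\command" appear in the listing above;
# "shellexecute" is the other standard launch key.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample: the infected listing in standard Autorun.inf syntax.
INFECTED = r"""[Autorun]
open=abc.exe
shell\open=Open(&O)
shell\open\command=abc.exe
shell\open\default=1
shell\explore=Explorer(&X)
shell\explore\command=abc.exe
"""
# Constructed sample: an inert placeholder with no launch directives.
PLACEHOLDER = "[autorun]\n; inert placeholder\nlabel=USB\n"


def parse_autorun(text):
    """Return the [autorun] section as (key, value) pairs, keys lowercased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_target(value):
    """Extract the program name from a directive value, dropping arguments."""
    if value.startswith('"'):                       # quoted path with spaces
        return value[1:].split('"', 1)[0].lower()
    parts = value.split()
    return parts[0].lower() if parts else ""


def audit_autorun(text):
    """Return one finding per directive that would launch a program."""
    findings = []
    for key, value in parse_autorun(text):
        if LAUNCH_KEY.match(key):
            target = launch_target(value)
            severity = "high" if target.endswith(RISKY_EXT) else "review"
            findings.append({"key": key, "target": target, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_autorun(INFECTED):
        print(finding)
```
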
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for inhibiting the spread of viruses through removable storage devices. The method effectively inhibits viruses that spread through removable storage devices, requires no dedicated anti-virus tool, and is simple.
A further technical problem to be solved by the present invention is to provide a removable storage device that inhibits the spread of viruses through removable storage devices. The removable storage device is not affected by USB flash disk viruses and can effectively inhibit the spread of USB flash disk viruses on the computer.
To solve the above technical problems, the present invention adopts the following technical solution:
The removable storage device is provided with a dedicated storage space, and a file that is named Autorun.inf and cannot be modified or deleted is stored in this dedicated storage space;
wherein the Autorun.inf file is configured with a run instruction pointing to an executable file in the dedicated storage space, and the executable file is used to close the risky ports of the computer connected to the removable storage device.
Correspondingly, the invention also discloses a removable storage device that inhibits the spread of viruses through removable storage devices. The removable storage device is provided with a dedicated storage space, in which is stored:
a file that is named Autorun.inf and cannot be modified or deleted;
Preferably, the dedicated storage space also stores an executable file for closing the risky ports of the computer connected to the removable storage device, and the Autorun.inf file is configured with a run instruction pointing to this executable file.
The beneficial effects of the invention are:
Embodiments of the invention resist intrusion by USB flash disk viruses by placing in the removable storage device an anti-virus file that cannot be modified or deleted, so that the removable storage device is not affected by USB flash disk viruses, and they can automatically close the computer's risky ports. Viruses that spread through removable storage devices are thereby effectively inhibited, no dedicated anti-virus tool is needed, and the approach is simple.
Embodiment
In an embodiment of the removable storage device provided by the invention, a dedicated storage space is provided in the removable storage device. The dedicated storage space stores a file that is named Autorun.inf and cannot be modified or deleted, and an executable file, converted from a batch file, that is used to shut down risky system services. The Autorun.inf file is configured with a run instruction pointing to this executable file, so that when the removable storage device is connected to a computer, the batch file runs automatically according to the configured instruction in the Autorun.inf file and calls various commands such as SC.exe to close the computer's risky ports, for example shutting down risky system services such as autorun, remote assistance and scheduled tasks. When a USB flash disk virus attempts to copy its own Autorun.inf file to the removable storage device, its file name conflicts with the Autorun.inf file already present on the device, so the virus can neither replicate itself nor run automatically.
In a specific implementation, a write-in approach can be used, i.e. the Autorun.inf file and the executable file are written directly into the removable storage device. Files written in this way, the Autorun.inf file and the batch file, are deleted when the device is formatted, and the anti-virus function disappears with them.
Alternatively, an embedded approach can be used: the Autorun.inf file and the batch file are written into a programmable read-only memory (ROM) whose programming voltage is greater than 5 V and whose operating voltage is less than 4 V, for example a flash memory (flash ROM) with an operating voltage of 3.3 V and a programming voltage of 12.5 V. This ROM is then built into the USB flash drive together with an ordinary flash chip (a flash ROM with an operating voltage of 3.3 V and a programming voltage of 5 V). With files written in this way, even formatting cannot delete the Autorun.inf file and the batch file, and the anti-virus performance is very stable.
In an embodiment of the method provided by the invention, a dedicated storage space is set up. The dedicated storage space stores a file that is named Autorun.inf and cannot be modified or deleted, and an executable file, converted from a batch file, that is used to shut down risky system services. The Autorun.inf file is configured with a run instruction pointing to this executable file, so that when the removable storage device is connected to a computer, the batch file runs automatically according to the configured instruction in the Autorun.inf file and calls various commands such as SC.exe to close the computer's risky ports, for example shutting down risky system services such as autorun, remote assistance and scheduled tasks. When a USB flash disk virus attempts to copy its own Autorun.inf file to the removable storage device, its file name conflicts with the Autorun.inf file already present on the device, so the virus can neither replicate itself nor run automatically.
In a specific implementation, the property that Autorun.inf and the batch file cannot be modified or deleted can be realized by either the write-in approach or the embedded approach. When realized by the write-in approach, the property disappears once the device is formatted, so the anti-virus function is unstable; when realized by the embedded approach, the property does not disappear when the device is formatted, giving stable anti-virus performance.
In summary, the core of the invention is to create in the removable storage device an Autorun.inf file that cannot be modified or deleted, together with an executable file written as a batch script. The presence of the Autorun.inf file prevents virus files from achieving automatic execution and self-replication, and thus effectively resists USB flash disk viruses that invade and spread through the Autorun.inf file, while the executable file written as a batch script has the function of shutting down risky system services.
The above is a preferred embodiment of the invention. It should be noted that a person skilled in the art can make further improvements and modifications without departing from the principle of the invention, and such improvements and modifications are also regarded as falling within the scope of protection of the invention.

Claims (10)

1. A method for inhibiting the spread of viruses through a removable storage device, characterized by comprising the following step:
providing a dedicated storage space in the removable storage device, and storing in the dedicated storage space a file that is named Autorun.inf and cannot be modified or deleted.
2. The method for inhibiting the spread of viruses through a removable storage device as claimed in claim 1, characterized in that the Autorun.inf file is configured with a run instruction pointing to an executable file in the dedicated storage space, and the executable file is used to close the risky ports of the computer connected to the removable storage device.
3. The method for inhibiting the spread of viruses through a removable storage device as claimed in claim 1 or 2, characterized in that the executable file is converted from a batch file.
4. The method for inhibiting the spread of viruses through a removable storage device as claimed in claim 1 or 2, characterized in that the dedicated storage space is a programmable read-only memory.
5. A removable storage device for inhibiting the spread of viruses through removable storage devices, characterized in that the removable storage device is provided with a dedicated storage space, and a file that is named Autorun.inf and cannot be modified or deleted is stored in this dedicated storage space.
6. The removable storage device for inhibiting the spread of viruses through removable storage devices as claimed in claim 5, characterized in that the dedicated storage space also stores an executable file for closing the risky ports of the computer connected to the removable storage device, and the Autorun.inf file is configured with a run instruction pointing to this executable file.
7. The method for inhibiting the spread of viruses through a removable storage device as claimed in claim 5 or 6, characterized in that the executable file is converted from a batch file.
8. The removable storage device for inhibiting the spread of viruses through removable storage devices as claimed in claim 5 or 6, characterized in that the dedicated storage space is a programmable read-only memory.
9. The removable storage device for inhibiting the spread of viruses through removable storage devices as claimed in claim 8, characterized in that the programming voltage of the dedicated storage space is higher than its operating voltage.
10. The removable storage device for inhibiting the spread of viruses through removable storage devices as claimed in claim 9, characterized in that the programming voltage of the dedicated storage space is greater than 5 V and the operating voltage is less than 4 V.
CNA2007101250911A 2007-12-18 2007-12-18 Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof Pending CN101178762A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101250911A CN101178762A (en) 2007-12-18 2007-12-18 Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof

Publications (1)

Publication Number Publication Date
CN101178762A true CN101178762A (en) 2008-05-14

Family

ID=39405012

Country Status (1)

Country Link
CN (1) CN101178762A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833616B (en) * 2009-03-11 2012-01-11 国民技术股份有限公司 Mobile storing device and method for inhibiting computer viruses from being spread through same
CN101944169A (en) * 2010-07-22 2011-01-12 北京安天电子设备有限公司 Immune method for self-starting viruses of USB removable storage devices
CN107016285A (en) * 2016-10-17 2017-08-04 深圳市安之天信息技术有限公司 One kind propagates malicious code Activity recognition method and system using move media
CN107016285B (en) * 2016-10-17 2019-11-05 深圳市安之天信息技术有限公司 It is a kind of to propagate malicious code Activity recognition method and system using move media

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned
C20 Patent right or utility model deemed to be abandoned or is abandoned