Home > Ask the Security Experts > Information Security Threats Questions & Answers > Should the contents of a USB token be copied to a hidden directory called 'IEDW?'
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should the contents of a USB token be copied to a hidden directory called 'IEDW?'

Ed Skoudis EXPERT RESPONSE FROM: Ed Skoudis

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 28 February 2007
Whenever I insert my pen drive in a USB port to take a printout of a required document, I find that the entire contents of the pen drive have been copied to a hidden directory named "IEDW" located in winddowssystem32 directory. This is the same case as when I use a CD-ROM drive on my PC. Is this an indication of spyware?

>
EXPERT RESPONSE
It's unclear if this is spyware, but it is certainly a cause for concern. There are reports of a Trojan horse backdoor that uses a directory with this name. There is no mention, however, of it copying the stuff from a USB token or CD. The name iedw usually refers to an element of Internet Explorer. But in a normal Windows system, there should be a file called iedw.exe, not a folder. While there is a history of some malware calling itself iedw.exe, I have seen nothing that uses this as a directory name.

Thus, I urge you to be extra cautious. Run a thorough antispyware and antivirus scan of your machine and the USB token itself, preferably using two antispyware tools. Then, if everything still comes up clean, try using the USB token on another computer and see if the same thing happens. If it doesn't, I recommend a reinstall of Windows on the first computer.

More information:

  • Are USB drives a serious enterprise risk? Expert Michael Cobb sets the record straight.
  • Read a chapter on database Trojans.


    • Sound Off! -   


    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Information Security Threats
    What are the dangers of cross-site request forgery attacks (CSRF)?
    Should social engineering tests be included in penetration testing?
    What kind of data is compromised during a Google hack?
    Best practices for using restriction policy whitelists
    Defining mobile device security concerns
    What security measures can be taken to stop crimeware kits?
    What software development best practices can prevent input validation attacks?
    What is the most secure way for application developers to manage cookies?
    Is there a market for standalone antivirus products?
    Can 'herd intelligence' effectively stop malware?

    Spyware, Adware and Trojans
    Stolen data ending up in Google cache, say researchers
    Information security book excerpts and reviews
    Yahoo, McAfee to warn users of dangerous websites
    Botnets and ethics
    Security Services: Webroot Email Security SaaS
    Interview: Jim Kirkhope of NCR
    Trojan downloaders, droppers skyrocket, Microsoft says
    Kraken botnet balloons to dangerous levels
    New Storm attack exploits April Fool's Day
    Panda latest AV firm trying to adapt with the times
    Spyware, Adware and Trojans Research

    Mobile Code
    Information security book excerpts and reviews
    When will attackers go mobile?
    Kaminsky on DNS rebinding attacks, hacking techniques
    Discovery of malware cesspool triggers attack fears
    Are USB storage devices a serious enterprise risk?
    Controlling U3 smart drive use in the enterprise
    Mobile carriers admit to malware attacks
    Dozens of Web sites spread malicious Trojan
    Do USB memory sticks pose enterprise threats?
    Platform Protection: Security Issues for Mobile Devices

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    barnacle  (SearchSecurity.com)
    botnet  (SearchSecurity.com)
    browser hijacker  (SearchSecurity.com)
    crimeware  (SearchSecurity.com)
    DSO exploit  (SearchSecurity.com)
    government Trojan  (SearchSecurity.com)
    I-SPY Act  (SearchSecurity.com)
    keylogger  (SearchSecurity.com)
    PUP  (SearchSecurity.com)
    talking Trojan  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts