Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Should the contents of a USB token be copied to a hidden directory called 'IEDW?'
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should the contents of a USB token be copied to a hidden directory called 'IEDW?'

Ed Skoudis EXPERT RESPONSE FROM: Ed Skoudis

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 28 February 2007
Whenever I insert my pen drive in a USB port to take a printout of a required document, I find that the entire contents of the pen drive have been copied to a hidden directory named "IEDW" located in winddowssystem32 directory. This is the same case as when I use a CD-ROM drive on my PC. Is this an indication of spyware?

>
EXPERT RESPONSE
It's unclear if this is spyware, but it is certainly a cause for concern. There are reports of a Trojan horse backdoor that uses a directory with this name. There is no mention, however, of it copying the stuff from a USB token or CD. The name iedw usually refers to an element of Internet Explorer. But in a normal Windows system, there should be a file called iedw.exe, not a folder. While there is a history of some malware calling itself iedw.exe, I have seen nothing that uses this as a directory name.

Thus, I urge you to be extra cautious. Run a thorough antispyware and antivirus scan of your machine and the USB token itself, preferably using two antispyware tools. Then, if everything still comes up clean, try using the USB token on another computer and see if the same thing happens. If it doesn't, I recommend a reinstall of Windows on the first computer.

More information:

  • Are USB drives a serious enterprise risk? Expert Michael Cobb sets the record straight.
  • Read a chapter on database Trojans.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Spyware, Adware and Trojans
    Clickjacking details released after attack proof-of-concept emerges
    Product Review: Sophos Endpoint Security and Control 8.0
    Researchers develop cloud-based antivirus
    Web advertising exploits: Protecting Web browsers and servers
    SaaS startups enter Web security gateway market
    Ransomware: How to deal with advanced encryption algorithms
    Stolen data ending up in Google cache, say researchers
    Information security book excerpts and reviews
    Yahoo, McAfee to warn users of dangerous websites
    Botnets and ethics
    Spyware, Adware and Trojans Research

    Mobile Code
    Smartphones opening up enterprise risks
    Information security book excerpts and reviews
    When will attackers go mobile?
    Kaminsky on DNS rebinding attacks, hacking techniques
    Discovery of malware cesspool triggers attack fears
    Are USB storage devices a serious enterprise risk?
    Controlling U3 smart drive use in the enterprise
    Mobile carriers admit to malware attacks
    Dozens of Web sites spread malicious Trojan
    Do USB memory sticks pose enterprise threats?

    Expert Archive: Information Security Threats
    Are there antivirus suites that pick up more than just run-of-the-mill viruses?
    What tools can a hacker use to crack a laptop password?
    Are social networking sites an easy target for malicious hackers?
    What are the dangers of cross-site request forgery attacks (CSRF)?
    Should social engineering tests be included in penetration testing?
    What kind of data is compromised during a Google hack?
    Best practices for using restriction policy whitelists
    Defining mobile device security concerns
    What are the risks associated with RIM's line of PDAs?
    What security measures can be taken to stop crimeware kits?

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    barnacle  (SearchSecurity.com)
    botnet  (SearchSecurity.com)
    browser hijacker  (SearchSecurity.com)
    crimeware  (SearchSecurity.com)
    DSO exploit  (SearchSecurity.com)
    government Trojan  (SearchSecurity.com)
    I-SPY Act  (SearchSecurity.com)
    keylogger  (SearchSecurity.com)
    PUP  (SearchSecurity.com)
    talking Trojan  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts