How easy is it for malware to write to cd-rom?

I was wondering how long from when you insert a cd-rw that is still writable into tray, it would take for "top-notch" malware to write. I mean they can write to a cd right, start up the imapi service and all, can they do it as soon as you insert the media, just as easy as usb memory stick?

 

I'm sure it's possible, but I don't know that there's really any reason to. The thing is that it would need to instruct it to burn the CD after putting the files on that drive, just as you have to when burning a CD.. if you then used another program to burn more files in addition to that, you would need to import that first session in order to retain that first track.. otherwise it's just going to write a new file table that does not include the malware, and the malware would be as good as gone. If it wrote something to the disk after you already had something on it, all you'd have to do is import that first session again, and it would effectively erase the malware.

The bigger danger is really that something would infect the files that you are burning to disk. This is why programs like Nero offer to virusscan the files before burning them. As long as you secure the rest of your system against malware in general, I really wouldn't worry too much about the CD burner

 

Thank you Notok, can you answer one more for me. It is totally different ballgame with flash memory stick right? Way easier right?

 

Correct, a flash memory stick gets written to just like any other drive. I still haven't really heard of anything affecting USB drives, but I suppose it is possible. Right now, though, I wouldn't worry about it too terribly much, anything that's going to infect your system will start with the C:. As long as you have good overall protection, there's no need to focus on those kind of areas, IMO.

 

Notok, why is prevx at the bottom of your posts? This is something similar to antihook or wormguard? Do you recommend trying, I read some not necessarily bad reviews but very mediocre but they were on download.com home to many rookies. What say you?

 

That's there as part of my signature, so it gets put on the bottom of every post I make (you'll find most people here put their favorite products in their signature). Prevx1 is new, and very different from Home or Pro. It's got a lot of added features and was pretty much rewritten since the Home/Pro days, so it's a lot better on resources, and everything else everyone had issues with. There's another discussion on it here, if you want more information on how it works. I did a lot of beta testing for Prevx, and really came to like the product.. this version more than Home/Pro.