Honeynet looks to trap USB malware

The Honeynet Project has picked up research by a German student to trap malware designed to spread via USB keys. USB-distributed malware – like Stuxnet and its bloated cousin, Flame – presents problems for network-based security, since it doesn’t spread through the network. The Bonn University student, Sebastian Poeplau, has …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

USB Malware ?

Is it possible to disable the auto-running of code when you plug in a USB device under Windows?
(Written by Reg staff)

Re: USB Malware ?

In my understanding, the "autorun" from USB can be disabled, yes.

However, Windows system-level messages - such as the notification that a removable device has been plugged in - are not the same thing. A message such as this is what the malware uses to decide that a USB key is present, and therefore available to be infected.

Silver badge

Re: USB Malware ?

I guess that cp /tmp/virus /dev/da4s1 (or similar) should work once the mounting event has been detected, so even a non-Windows machine could propagate even though it wouldn't run.
Anonymous Coward

Re: USB Malware ?

Yes. Either by editing the registry/using something like Tweak UI in older versions of Windows, or using the supplied tweaks with later OSs, if not already implemented. It is always best to check.
Anonymous Coward

Re: USB Malware ?

The point is to have on board all available security measures *before* the original infection can be transmitted; this involves disabling autorun on installation and also installing security software and other security procedures before the system has any contact with anything bar MS update and updates for appropriate security software. The admin has to institute a number of blindingly obvious security procedures, password protect admin use, disable booting from CDs/DVDs (I can sniff a password easily that way) and so on. Doing these things from the start will prevent the fecker from installing and thus ever detecting the presence of a USB device, autorun or not.


Is it possible that these worms are being distributed via the device drivers of dodgy USB sticks and USB adapters? I bought a USB to SDCARD adapter for 1 cent on eBay, delivered from China. Makes me wonder what else I got for my money?
Anonymous Coward

@Ydo Ibother- (Un)-Trusted Media?

I set/keep auto-run off on all my boxes, and zero-out and re-format every new flash device and new floppy diskette (not too many of those, these days) before first use.

Both accidental, and purposeful, malware contamination of manufacturer-supplied media has happened before.


Re: @Ydo Ibother- (Un)-Trusted Media?

Autorun, as I understand it, won't prevent the drivers (read firmware) for a device from installing. That's the code that Windows loads in order to recognize the device. I have done some searching on this a while back but couldn't find much.
Anonymous Coward

"Is it possible that these worms are being distributed via the device drivers of dodgy USB sticks and USB adapters?"

Quite possible if you remember that there have been instances of 'shrink wrapped' malware/viruses.

Anonymous Coward

Ahhh so that's why...

...the Government 'loses' so many USB keys on public transport.

It's all a part of their insidious master plan to seed the world with their black ops!

Silver badge

Re: Ahhh so that's why...

Since Stuxnet, plugging in a USB key can probably be considered an act of war.

Silver badge

So... if that should become popular

The first routine in new malware will be to detect that piece of software, and to stop infecting that, probably easily detectable, USB device.

But it won't become popular as it'll interfere with thousands of badly written auto-backup features which just wait for a USB stick to be plugged into the PC and then back up data.
Megaphone

Maybe the letters USB ...

Should stand for:

U

Sure

Bout this?!

And should be heeded whenever such a device / drive is connected to ANY machine. Just saying.
