The Honeynet project has picked up research by a German student to trap malware designed to spread via USB keys. USB-distributed malware – like Stuxnet and its bloated cousin, Flame – presents problems for network-based security, since they don’t spread through the network. The Bonn University student, Sebastian Peoplau, has …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 18th June 2012 02:10 GMT Anonymous Coward

USB Malware ?

Is it possible to disable the auto-running of code when you plugin a USB device under Windows?

0 1
1. Monday 18th June 2012 02:16 GMT Richard Chirgwin
  
  Re: USB Malware ?
  
  In my understanding, the "autorun" from USB can be disabled, yes.
  
  However, Windows system-level messages - such as the notification that a removable device has been plugged in - are not the same thing. A message such as this is what the malware uses to decide that a USB key is present, and therefore available to be infected.
  
  0 0
  1. Monday 18th June 2012 03:00 GMT Ole Juul
    
    Re: USB Malware ?
    
    I guess that cp /tmp/virus /dev/da4s1 (or similar) should work once the mounting event has been detected, so even a non Windows machine could propagate even though it wouldn't run.
    
    0 0
  2. Monday 18th June 2012 09:21 GMT Anonymous Coward
    
    Re: USB Malware ?
    
    The point is to have on board all available security measures *before* the original infection can be transmitted; this involves disabling autorun on installation and also installing security software and other security procedures before the system has any contact with anything bar MS update and updates for appropriate security software. The admin has to institute a number of blindingly obvious security procedures, password protect admin use, disable booting from CDs/DVDs (I can sniff a password easily that way) and so on. Doing these things from the start will prevent the fecker from installing and thus ever detecting the presence of a USB device, autorun or not.
    
    0 0
2. Monday 18th June 2012 09:17 GMT Anonymous Coward
  
  Re: USB Malware ?
  
  Yes. Either by editing the registry/using something like Tweak UI in older versions of windows, or using the supplied tweaks with later OSs, if not already implemented. It is always best to check.
  
  0 0
Monday 18th June 2012 04:46 GMT Ydo Ibother

Is it possible that these worms are being distrubuted via the device drivers of dodgy USB sticks and USB adapters. I bought a USB to SDCARD adapter for 1 cent on eBay, delivered from China. Makes me wonder what else I got for my money?

0 0
1. Monday 18th June 2012 05:11 GMT Anonymous Coward
  
  @Ydo Ibother- (Un)-Trusted Media?
  
  I set/keep auto-run off on all my boxes, and zero-out and re-format every new flash device and new floppy diskette (not too many of those, these days) before first use.
  
  Both accidental, and purposeful, malware contamination of manufacturer-supplied media has happened before.
  
  0 0
  1. Monday 18th June 2012 06:24 GMT Ydo Ibother
    
    Re: @Ydo Ibother- (Un)-Trusted Media?
    
    Autorun, as I understand it, won't prevent the drivers (read firmware) for a device from installing. That's the code that windows loads in order to recognize the device. I have done some searching for on this a while back but couldn't find much.
    
    0 0
2. Monday 18th June 2012 09:23 GMT Anonymous Coward
  
  "Is it possible that these worms are being distrubuted via the device drivers of dodgy USB sticks and USB adapters. "
  
  Quite possible if you remember that there have been instances of 'shrink wrapped' malware/viruses.
  
  0 0
Monday 18th June 2012 05:26 GMT Anonymous Coward

Ahhh so that's why...

...the Government 'loses' so many USB keys on public transport.

It's all a part of their insidious master plan to seed the world with their black ops!

0 0
1. Monday 18th June 2012 08:33 GMT Ole Juul
  
  Re: Ahhh so that's why...
  
  Since Stuxnet, plugging in a USB key can probably be considered an act of war.
  
  0 0
Monday 18th June 2012 05:59 GMT Christian Berger

So... if that should become popular

The first routine in new malware will be to detect that piece of software, and to stop infecting that, probably easily detectable, USB device.

But it won't become popular as it'll interfere with thousands of badly written auto-backup features which just wait for an USB-stick to be plugged into the PC and then back up data.

1 0
Monday 18th June 2012 08:13 GMT Scott Broukell

Maybe the letters USB ...

Should stand for;

U

S ure

B out this ?!

And should be heeded whenever such a device / drive is connected to ANY machine. Just saying.

2 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

Honeynet looks to trap USB malware

COMMENTS

USB Malware ?

Re: USB Malware ?

Re: USB Malware ?

Re: USB Malware ?

Re: USB Malware ?

@Ydo Ibother- (Un)-Trusted Media?

Re: @Ydo Ibother- (Un)-Trusted Media?

Ahhh so that's why...

Re: Ahhh so that's why...

So... if that should become popular

Maybe the letters USB ...

Other stories you might like

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

Malicious xz backdoor reveals fragility of open source

H-1B visa fraud alive and well amid efforts to crack down on abuse

Feds probe alleged classified US govt data theft and leak

Feds finally decide to do something about years-old SS7 spy holes in phone networks

Rust developers at Google are twice as productive as C++ teams

It's 2024 and Intel silicon is still haunted by data-spilling Spectre

Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways

French issue alerte rouge after local governments knocked offline by cyber attack

Apple's GoFetch silicon security fail was down to an obsession with speed

About Us

Our Websites

Your Privacy