infecting usb drives!!

Driving me potty, it is now no longer safe to insert a usb drive into any
xp/vista machine that you suspect is infected, it's become like the use of
floppies in the eighties and nineties.

Just bought myself some usb sticks with hardware write protection, hopefully
they will keep the viruses at bay.

Gaz



Re: infecting usb drives!!

Gaz wrote:


Disable auto-play in Windows.  It's a security liability.  When you want
to run something from there, YOU start it after scanning it for malware
- but then if your anti-virus/malware program doesn't catch the pest in
a scan then it might not catch it using its real-time heuristics.  So
you might want to start considering using a security or anti-malware
product that implements HIPS (host intrusion protection system) but get
ready for the prompts.  You are in charge of what can load into memory
(from where it runs) but you need to understand the prompts.

Rather than be concerned about infecting the USB drives, be concerned
about infecting the host into which you plug them.  Disable auto-play.

Re: infecting usb drives!!

Gaz wrote:

become??? it has always been like the use of floppies - it's only now
that average people are starting to wake up to that fact...

the lessons you learned from floppies can (and should) be applied to all
removable media - even things you might have never considered as
removable media, like digital cameras or mp3 players... basically
anything that can hold 'stuff' and plugs into your computer presents the
same (or equivalent) risk as floppies did back in the day...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: infecting usb drives!!

kurt wismer wrote:

But hardware write locks are pretty rare on usb drives, unlike every single
floppy ever produced.

It is only recently though that the usb drive has been targeted...

Gaz



Re: infecting usb drives!!

Hi Gaz,

I know exactly what you're talking about. I've found even with auto-
run disabled I ended up contracting a virus just by inserting the disk
and then double clicking on the drive letter in explorer! Then has
taken me a day just to restore my laptop :(

Therefore I had enough and wrote a new application called VMON which
does the following:
1) Monitors for any inserted drive, finds if it has an auto run and
quarantines it
2) Can run commands on drive insertion (I've set it to automatically
scan the drive with AVG)
3) Monitors key system areas of your PC and quarantines, logs and
warns if a change occurs (helps stop Trojans and Viruses injecting
into system files)
4) Monitors the registry and warns & logs if a suspicious change
occurs (helps restore your system if a malicious application does get
installed)
5) Monitors the firewall and warns & logs if a change occurs (I found
one of the Trojans I picked up opened a port for itself)

You can download the software from:
http://www.lightningware.co.uk/software/details.asp?code=LWS-VMON

Cheers,

Gary
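
The check described in item 1 above, as an added example that is not part of the original post and is not VMON's code: it reads the `[autorun]` section of a drive's `autorun.inf`, lists the entries that launch a program (including `shell\<verb>\command` entries, which apply when the drive is double-clicked in Explorer), and renames the file. The function names, the `.quarantined` suffix and the sample file are assumptions made for the example.

```python
import os
import tempfile

EXEC_KEYS = ("open", "shellexecute")  # keys that start a program on insert

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Entries that run something: open=, shellexecute=, shell\\<verb>\\command=."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def inspect_drive(root, quarantine=False):
    """Report launch entries in root's autorun.inf; optionally rename the file."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            with open(path, encoding="latin-1") as fh:
                found = launch_commands(parse_autorun(fh.read()))
            if quarantine and found:
                os.replace(path, path + ".quarantined")  # suffix is an assumption
            return found
    return {}

# Constructed sample file; setup.exe is a placeholder name.
SAMPLE = ("; constructed sample\n[AutoRun]\nopen=setup.exe\n"
          "shell\\open\\command=setup.exe\nicon=folder.ico\nlabel=My Drive\n")

def demo():
    """Write SAMPLE to a temporary 'drive' root, inspect and quarantine it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE)
        found = inspect_drive(root, quarantine=True)
        return found, sorted(os.listdir(root))

if __name__ == "__main__":
    print(demo())
```

Entries such as `icon=` and `label=` are parsed but not reported, since they do not start a program.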



Re: infecting usb drives!!

In message
lightningware@gmail.com writes
I downloaded it and it told me my trial period had expired! I don't even
get a chance to try it out
--
bertieboy

Re: infecting usb drives!!

Hi Bertieboy,

You should get 30 days. I've just released this software so may be an
issue with your time zone or something. I have quite a few other users
that haven't hit this so I suspect a date issue.

If you visit my web site www.lightningware.co.uk you will see a link
to email me. I can then work out what the problem is.

Cheers,

Gary

Re: infecting usb drives!!

"Hi Gaz,
I know exactly what you’re talking about. I've found even with auto-
run disabled I ended up contracting a virus just by inserting the disk
and then double clicking on the drive letter in explorer! Then has
taken me a day just to restore my laptop :("

Here's why:
US-CERT alert on autorun:
Microsoft Windows Does Not Disable AutoRun Properly
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

-jen




Re: infecting usb drives!!

Gaz wrote:

actually, autorun malware has been around for several years now... it is
only recently that the threat has registered in the public consciousness...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: infecting usb drives!!



I use an SD card inside a small reader, just bigger than a flash drive,
that I got from Newegg. If you flip the write-protect tab before inserting
the drive on a questionable system, there is no danger of the flash drive
becoming infected.



Re: infecting usb drives!!

Mike S. wrote:

Warning, the lock is voluntary and dependent on the usb to sd drive. All the
ones I have come across so far (about three or four) do not honour the lock
on the sd card....

Gaz



Re: infecting usb drives!!



That may be true; of course you have to verify the write-protect before
using it on a potentially hostile computer. In my case, a Transcend Class
6, 8 GB SDHC card inside a $9 Rosewill reader is only slightly larger than a
thumb drive, totally enclosed, out-performs many dedicated flash drives,
allows for upgrade or recycling of the flash medium, and the write protect
definitely works.  And the whole outfit costs less than most discounted
thumb drives of similar capacity.





Re: infecting usb drives!!

Mike S. wrote:

I picked up a lockable usb drive 8gb for about £12 on ebay. A major relief
now...

Gaz



Re: infecting usb drives!!


Yea, even those digital photo frames have been known to come from the
factory with a virus already on them.


Re: infecting usb drives!!



I don't know if this still remains true for vista... However, for the rest
not using... vista nor mac... holding down the left shift key while
inserting the drive should tell windows not to bother with autorun.

Still works for cds.. I haven't tested it with my usb sticks, because...
well, I hadn't worried about this. :) I don't mind if something wants to
tag along, it can come back with me, and be checked out..... lol.


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  


Re: infecting usb drives!!


According to the help files in Vista that is supposed to still work but it
doesn't.


Re: infecting usb drives!!



One person's "nasty malware" is another's "free sample". :o)



Re: infecting usb drives!!


And Samples are gewd. Recycling bits and bytes, I'm doing my part to be
green! :)



--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  


Re: infecting usb drives!!




USB Cop will stop any app that wants to autorun when you insert the drive,
take you to the app's location and let you decide whether to or not to start
it..

Freeware   http://sourceforge.net/projects/usbcop


Bob



Re: infecting usb drives!!

rjdriver wrote:

usbcop - Version: 1.0 PreAlpha 4 ?

Pre-alpha stage consists of the period of time from the start of the
development phase until Alpha release (or any other stage that comes
next, in case developers opt to have no Alpha release). Sometimes a
build known as pre-alpha is issued before the release of an alpha or
beta, as developers need to see how features work in action as the
development process proceeds. In contrast to alpha and beta versions,
the pre-alpha is not feature complete. When it is used, it refers to all
activities performed during the software project prior to software
testing. These activities can include requirements analysis, software
design, software development and unit testing.

;-)

--
  JD..
