Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

1-in-4 worms spread through infected USB devices


  • Please log in to reply
16 replies to this topic

#1 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:38 PM

Posted 28 August 2010 - 10:29 PM

http://www.computerworld.com/s/article/918...s?taxonomyId=17



Computerworld - Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices.

"Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security, in a statement Thursday. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user."


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


BC AdBot (Login to Remove)

 


#2 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:38 AM

Posted 29 August 2010 - 06:37 AM

Well I think a many of us have been watching out for this kind of thing for quiet awhile. Camera cellphone is a big problem. Telling people that there cellphone can be infected is like telling a rock to roll over to warm it's backside. You will have more luck with the rock. Some people pass around thumb drives like candy to there friends to download on there computer when they get home or work.

#3 TheTechDude

TheTechDude

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:38 AM

Posted 29 August 2010 - 08:32 AM

My old school the Anti-Virus on their computer was minimal like Norton 2002. I would come home and virus scan all of me flash drives and always turn up with at least one virus. I think that is also some of the major spread of them is taking them from home to school/work then it gets on the network and is taken home with someone else.

#4 NpaMA

NpaMA

  • Members
  • 635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Memphis, TN
  • Local time:02:38 AM

Posted 04 October 2010 - 11:41 PM

This is exactly the reason why when my college professors go "You can just give me your flash drive and i'll put it in my files" I always reply "No thanks, check your email in an hour". >_<

Edited by NpaMA, 04 October 2010 - 11:41 PM.


#5 Yellowmongoose

Yellowmongoose

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 05 October 2010 - 06:57 AM

Wow! I shall be virus scanning my USB drives from now on. I just scanned them and thankfully nothing has come up.

#6 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 AM

Posted 05 October 2010 - 09:19 AM

I am fortunate enough to have several PCs. One is dedicated strictly to Clients PC repair and data recovery. Loaded with just about every anti-malware scanner :thumbsup: and data recovery program known to man. :flowers: As well as some other tools of the trade.

Even with all that security I still have this lil gem right on the Desk top. Flash Disinfector. Not a single type of USB flash media is ever introduced to any of my main towers without first being plugged into the bench machine and it being subjected to it`s cleaning\protection process.

This becomes even more critical if you only have one PC. Flash Disinfector is a great little tool to keep handy if you and your friends are always sharing via USB attached media of almost any type.

Disclaimer: No protection is 100%. Your mileage may vary.

#7 bpv_newhacker

bpv_newhacker

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern new jersey
  • Local time:02:38 AM

Posted 12 October 2010 - 11:38 AM

Hi,
can anyone explain how this is possible. Is it in the driver of the usb chip? I know when you plug a usb drive in the port, it does recognize what type it is, so it must download something to the computer. Is there some kind of setting in the usb drive that causes and infected usb drive to download and run a worm executable that is on the drive? if anyone knows I would be interested to know how.

#8 bradumd

bradumd

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryland
  • Local time:02:38 AM

Posted 13 October 2010 - 05:53 PM

Hi,
can anyone explain how this is possible. Is it in the driver of the usb chip? I know when you plug a usb drive in the port, it does recognize what type it is, so it must download something to the computer. Is there some kind of setting in the usb drive that causes and infected usb drive to download and run a worm executable that is on the drive? if anyone knows I would be interested to know how.


As far as I know, I believe it is in the autorun.inf which automatically runs whatever is inside the autorun.inf when the flash drive is inserted. Viruses can infect this file so that when the autorun.inf is executed, the virus injects itself into whatever computer it is attached to. Now don't quote me on this, but I believe that if autorun is disabled, a virus cannot just jump from the usb drive to your computer by itself. Perhaps some clarification on my last comment from someone more knowledgeable.

You can disable the auto run on your usb drive multiple ways.

Here's one tool that is useful to disable the autorun.inf. Of course there is also ways to edit the registry to stop the autorun, or depending on what version of windows you have, windows may have an integrated tool that makes it easier to disable.

Edited by bradumd, 13 October 2010 - 05:56 PM.


#9 bpv_newhacker

bpv_newhacker

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern new jersey
  • Local time:02:38 AM

Posted 14 October 2010 - 11:53 AM

Hi,
Is there any info on how a .inf operates? how would it run say a batch file or script? I have never looked into these types of files.

#10 T Simon

T Simon

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:USA
  • Local time:02:38 AM

Posted 25 October 2010 - 03:41 AM

Very common! My whole university's network was infected from the use of USB sticks. Sort of ironic they made it mandatory for sub-par anti-virus software but then oked the use of USB drives....

Need to just spread the word like the rest of the risky malware out there.

Thanks for posting

#11 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:38 AM

Posted 25 October 2010 - 10:14 AM

Just try to remember that anything, CD,DVD,FLASH THUMB or what ever that has a input to your computer can infect it. (Example)If a friend downloads a movie and burns a copy for you. If that download is contaminated and you play it on your computer your computer can be infected.

#12 T Simon

T Simon

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Location:USA
  • Local time:02:38 AM

Posted 02 November 2010 - 03:40 AM

Just try to remember that anything, CD,DVD,FLASH THUMB or what ever that has a input to your computer can infect it. (Example)If a friend downloads a movie and burns a copy for you. If that download is contaminated and you play it on your computer your computer can be infected.


Gosh, so many ways.... thanks for the reminder!

#13 ABNINF

ABNINF

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Republic of Texas!
  • Local time:12:38 AM

Posted 10 November 2010 - 10:19 AM

Alright then ... here's a question. I have a log posted here waiting for a reply on an infected machine.

By the time I got the software downloaded and installed to produce the logs asked for I was no longer able to post on BC. I had to save the logs to a USB then take that to another computer to upload/post on BC. I scanned the USB on the machine I used to make the post but now ... the second machine is acting flaky!

Is it possible that by simply putting the logs on the USB that I infected the second machine?

Thanks!
KC

Edited by WWPREBroker, 10 November 2010 - 10:20 AM.


#14 C.Kyuubi

C.Kyuubi

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 31 December 2010 - 12:22 AM

Apparently my paranoia is for a good cause.

My school's computers run on VMWare, so I suppose that provides SOME protection, but they all share a network. I'm not too knowledgeable in virtual machines, but I'm pretty sure it won't help much when they're set to retain all the files for each individual user. And to top it all off, guess what antivirus program they're using?

NONE. ZERO. Every time I turn a school computer on I get that security warning, and it just freaks me out to no end. They're brand new computers, but I get the feeling that some idiot is going to get malware on there eventually... And it'll spread like wildfire. e~e; Maybe it's safer than I think, but they could at least have a little bit of protection, couldn't they? Pardon me while I go search for a portable antivirus program...

#15 Broni

Broni

    The Coolest BC Computer

  • Topic Starter

  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:38 PM

Posted 31 December 2010 - 12:25 AM

Any OS installed on virtual partition has to have as good protection as a parent OS.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users