Found USB stick



#1 thibauld

thibauld

  • Members
  • 64 posts
  • Local time:11:18 AM

Posted 22 August 2012 - 02:51 PM

Hello,

I'm not sure if I should post this here since this is only the 2nd time posting on this forum, but this looked like the right place to me.

About 2 weeks ago I found a USB stick at a festival in Hungary, and decided to take it home. I'm pretty curious about what's on it but I'm really worried there might be some virus or whatever on it when I put it in my PC. So now I am wondering, is there a way I can see what's on it without taking any risks? I've heard of virtual sandbox programs but I've never used one and don't know if those work in this case. Can anyone help?

Thibauld


 


#2 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:06:18 AM

Posted 22 August 2012 - 03:31 PM

That is a quite reasonable idea since a high percentage of found USB sticks are also infected. Sophos did a study of this subject.

Lost USB keys have 66% chance of malware

Sophos studied 50 USB keys bought at a major transit authority's Lost Property auction.

The study revealed that two-thirds were infected with malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues.

Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.


Criminals in USB key espionage attempt against Dutch multinational.

Under the headline Criminals in espionage attempt at DSM (a major Dutch materials and life sciences company), Elsevier.NL reports that this case involves crooks who "put USB sticks in the parking lot."

(For those cynics who wonder, like me, if putting infected USB keys in the parking lot could ever work - my penetration testing friends assure me that it works just fine. But they consider it infra dig to use the technique, because it implies they have failed to get in by more haxorious means.)


Good Luck
Roger

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#3 thibauld

thibauld
  • Topic Starter

  • Members
  • 64 posts
  • Local time:11:18 AM

Posted 22 August 2012 - 05:59 PM

Exactly what I thought. I heard about the DSM case as well (I'm Dutch), but do you know any way to see what's on a stick without risking infection?

#4 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:06:18 AM

Posted 22 August 2012 - 06:18 PM

Is it worth setting up a virtual computer?

You could try this. Welcome to VirtualBox.org!

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See "About VirtualBox" for an introduction.


Good Luck
Roger



#5 589661

589661

  • Members
  • 185 posts
  • Gender:Male
  • Location:Toms River, NJ
  • Local time:05:18 AM

Posted 22 August 2012 - 08:02 PM

Hold Shift when inserting the USB into the computer to avoid any autorun. Then scan the drive with a scanner such as Malwarebytes or Norton (Ew, not a fan of Norton, sorry lol :-) ).

After you scan it with a malware/virus solution you trust, it would be safe to check to see what is on it.

That's what I would do. I am a Curious George so I would be all over checking it out.

Edited by 589661, 23 August 2012 - 07:57 AM.


#6 jburd1800

jburd1800

  • Members
  • 565 posts
  • Local time:06:18 AM

Posted 22 August 2012 - 09:10 PM

You could hand it to a buddy and say "take a look at this" , but I would probably pitch it rather than take a chance...

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • Gender:Male
  • Local time:12:18 PM

Posted 23 August 2012 - 03:06 AM

Do you have access to a Linux machine? Open it in a Linux machine. If it contains malware, it's very very likely Windows malware.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 589661

589661

  • Members
  • 185 posts
  • Gender:Male
  • Location:Toms River, NJ
  • Local time:05:18 AM

Posted 23 August 2012 - 07:49 AM

You could even open it while using a bootable Linux or Windows PE CD. These "OS" are only loaded into the RAM temporarily and won't make any changes to your system. You can use LiLi Linux Creator to make bootable flash drives of Linux distros, or BartPE to create a bootable XP flash drive. Anyway, once you get into this flash drive let us all know what you find, whether or not it was infected. I'm curious as to whether a person left an infected flash drive around just for some curious persons to get infected. Seems like a very sneaky social engineering trick since we all know there are so many out there that would not take the precautions to ensure their own safety and just open it right up, autoplay and all.
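A triage sketch for the approach in posts #7 and #8, added here as an example and not written by any poster in this thread: with the stick mounted read-only on a Linux or live-CD system, it lists what an `autorun.inf` would launch and which files carry a Windows executable header, without running anything. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

PE_EXT = {".exe", ".dll", ".scr", ".sys", ".com"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".lnk", ".pif"}

def parse_autorun(path):
    """Return (key, command) pairs that an autorun.inf asks Windows to launch."""
    hits = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if sep and launches:
                hits.append((key, value.strip()))
    return hits

def triage(root):
    """Walk a read-only mount and report findings; files are only read, never run."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name.lower())[1]
            if name.lower() == "autorun.inf":
                findings += [(rel, f"autorun {k} -> {v}") for k, v in parse_autorun(full)]
                continue
            with open(full, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE header of Windows executables
            if is_pe and ext not in PE_EXT:
                findings.append((rel, "executable content behind a non-executable extension"))
            elif is_pe or ext in SCRIPT_EXT:
                findings.append((rel, "executable or script file"))
    return sorted(findings)

def demo():
    samples = {  # constructed sample files standing in for the stick's contents
        "autorun.inf": b"[autorun]\r\nopen=setup.exe /s\r\nicon=folder.ico\r\n",
        "setup.exe": b"MZ\x90\x00",
        "notes.pdf": b"MZ\x90\x00",
        "festival.jpg": b"\xff\xd8\xff\xe0",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Point `triage()` at the actual mount point of the stick; `demo()` runs it over the constructed sample and returns the findings list.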

#9 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:06:18 AM

Posted 23 August 2012 - 09:26 AM

I'm curious as to whether a person left an infected flash drive around just for some curious persons to get infected. Seems like a very sneaky social engineering trick since we all know there are so many out there that would not take the precautions to ensure their own safety and just open it right up, autoplay and all.


From My post #2
Criminals in USB key espionage attempt against Dutch multinational.

Under the headline Criminals in espionage attempt at DSM (a major Dutch materials and life sciences company), Elsevier.NL reports that this case involves crooks who "put USB sticks in the parking lot."

(For those cynics who wonder, like me, if putting infected USB keys in the parking lot could ever work - my penetration testing friends assure me that it works just fine. But they consider it infra dig to use the technique, because it implies they have failed to get in by more haxorious means.)

So yes it is a sneaky thing that has been done to infect computers.

Cheers
Roger





