Stealthy USB Trojan hides in portable applications, targets air-gapped systems

Discussion in 'malware problems & news' started by ronjor, Mar 24, 2016.

  1. ronjor

    ronjor Global Moderator

    Jul 21, 2003
  2. amarildojr

    amarildojr Registered Member

    Aug 8, 2013
    To be honest, the people who use air-gapped computers for privacy/security should know how to deal with this.

    First, they should recognize the threat that are USB sticks, so AutoRun should already be disabled (AutoPlay as well).
    Second, support technicians should have a spare USB to use on people's computers. They should never use these USB's in security applications, and they should never use these USB's on Windows machines or they air-gapped machines. They can erase the USB's between each support in order to prevent infections between clients, but that should be either done on Linux or a non-important Windows machine that is not connected to the important network.
    Third, they can have a regular USB that is used across computers (even infected ones) if they make sure it's clean and then copy the necessary programs into it. Then they can make it write-protected and use that tool that fills the USB drive with garbage that makes it nearly impossible to copy new files to it.
  3. Palancar

    Palancar Registered Member

    Oct 26, 2011
    This procedure is something that is being studied and discussed by many BitCoin users. Strong security involves the use of a "cold/offline" machine where private keys are stored to sign btc transactions. The signatures are carried back and forth between online and offline computers many times. USB's are used by many due to convenience, but precautions must be taken so you don't get pwn'd.