Containing Malware when Transferring Files from "Nasty Box"

Discussion in 'malware problems & news' started by goldenbears789, Jun 3, 2011.

Thread Status:
Not open for further replies.
  1. goldenbears789

    goldenbears789 Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    1
    I have an interesting challenge I wanted to run by you guys to see what you think...

    In my organization we have a need to sometimes do "promiscuous" surfing and visit websites we wouldn't want to visit on any machine connected to our Windows network.

    For this purpose, I have set up a Linux box with Firefox and a totally separate cable internet connection. It doesn't touch our network at all.

    That said, we sometimes need to capture data we come across on the nasty web and incorporate it into reports, etc. This means that we need to transfer jpegs, PDFs, FLVs, etc. from the Linux "cold computer" and use these files on our networked Windows machines.

    Our network admin understandably doesn't want us to do any thumb drive hokey-pokey between the Linux machine which is assumed to be festering with nastiness and our business network.

    So, here is my question...

    What is the most secure way to transfer select files (again, images, PDFs, occasional FLV videos, etc.) from our Linux machine safely back to our Windows network in a way that minimizes the chances of infection?

    What do you guys think?

    My initial inclination is to use a common Gmail account for which compromised credentials would have no likely consequences, but that presents its own problems, threats and challenges.
     
    Last edited: Jun 3, 2011
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Power it down, take the hard drive as slave. Make sure your system is secure (use virtualization like Sandboxie or Returnil). Then copy and paste. Scan with multiple scanners (VirusTotal or Hitman Pro) the transferred files beforehand.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Malware is extremely clever today.
    Look at TDL's attack surface:
    Attacks the router
    Attacks DNS
    Creates it's own partition in unallocated space
    Loads during or just before OS loads up

    The only thing left for it to do is run on the GPU like Yellow Dog Linux, which would make it a cross platform attack tool.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I believe he's looking for solutions, not FUD.

    Thumb drives aren't that dangerous if you have autorun disabled. So slaving may not be necessary, but do follow my other steps.
     
Loading...
Thread Status:
Not open for further replies.