Risk infection from external hdd, how to proceed?

Discussion in 'other security issues & news' started by Zapco_force, Feb 18, 2015.

  1. Zapco_force

    Zapco_force Registered Member

    Joined:
    May 17, 2013
    Posts:
    84
    Location:
    Italy
    Good evening everyone, a quick little question but important:
    If I connect an external hdd (or pendrive) infected via USB, it automatically infects the pc also??.....even if it does not open any file?
    Eventually, what you must do to avoid infection via USB?

    Thanks.
     
  2. dansorin

    dansorin Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    233
    Location:
    EU
    you must do the usual stuff: run an antivirus and have an updated operating system.
     
  3. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Will you need to have disabled AutoRun/AutoPlay?
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Depends on what OS you have. If it's up-to-date, there will be a prompt with multiple actions when you insert a drive. One of them is the autorun script, if any.

    If you don't click that, the chances of infection are nil. You could always disable autorun/autoplay, or sanitize the drive (delete autorun.inf) just in case.
     
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    If your OS is Windows, common way is autorun as already mentioned, which actually can easily be blocked. Another common way , tho it's not exactly automated attack, is social engineering, e.g. displaying fake folder view, fake context menu, etc. if you wanna avoid them surely, always display file extension, display hidden and system files, and when you navigate to that drive don't click or double click drive icon, instead use folder tree. And don't trust context menu.

    There's another way to infect you and it's OS independent, called BadUSB exploit, but it's quite unlikely. If you still want to protect from it, use Hitman Pro.Alert or G-Data USB Keyborad Guard.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Oh yeah, speaking of exploits... Keep your OS up-to-date and secured, since something like the .LNK exploit may still exist.
     
  7. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Of course as long as it is not 0day. :D
    But .lnk exploit is good notice, I forgot about it.:thumb:
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
  9. Zapco_force

    Zapco_force Registered Member

    Joined:
    May 17, 2013
    Posts:
    84
    Location:
    Italy
    Many thanks to everyone for their interest and advice! :)

    The operating system is Windows 7-Pro_SP1_64bit with the latest updates february 2015 .... however I definitely follow your sage advice to disable autorun usb!
    But on the web I saw several ways to do it, and now I'm confused because I don't understand what is the right one! ..... also don't understand which registry key (or keys)
    should be changed...:confused:
    What is the fast way without having to download or install anything?.....because if the key to change is only one (or two) I can do it manually using the "regedit.exe" utility, but
    if there are many keys to changed, then it's difficult and I would not make trouble!
     
  10. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    I don't understand your choice of Hitman Pro.Alert for BadUsb exploit.

     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    I have a sure-fire fix. Send me a PM. I'll send my grandson to your house and he will fill all your open USB ports with recently used "Double Bubble" bubble- gum as he did to mine several years ago :)

    Or you can DIY as "Double Bubble" is available on Amazon.

    G-Data has a free mini-program that prevents and warns you of any attempt of a USB device to control your keyboard without your OK, the most common route of Bad USB attack. It caused issues on my PC, but many peeps apparently are able to use it.
     
    Last edited: Feb 24, 2015
  12. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Please search a bit.
    e.g. HitmanPro.Alert Support and Discussion Thread
     
  13. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Thank you so much Yuki ! :)

    I didn't find this info on their hitmanpro website.
     
  14. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Oh hey, thanks! I didn't know that was a possibility.

    Implementing something like that should be fairly trivial on Linux, I think - probably a udev rule to prevent the attachment of more than one USB keyboard at a time. (Or any USB keyboards, if you're using PS/2 for whatever reason.)
     
  15. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    That's because this is a feature in beta version, but you already know.
    Yup, I'll do that on my next Linux setup. I believe Windows also should implement such a granular control as a registry entry rather than simple blacklisting.
     
Loading...