Stealthy USB Trojan hides in portable applications, targets air-gapped systems

Discussion in 'malware problems & news' started by ronjor, Mar 24, 2016.

    To be honest, the people who use air-gapped computers for privacy/security should know how to deal with this.

    First, they should recognize the threat that USB sticks are, so AutoRun should already be disabled (AutoPlay as well).
    Second, support technicians should have a spare USB to use on people's computers. They should never use these USBs in security applications, and they should never use these USBs on Windows machines or their air-gapped machines. They can erase the USBs between each support in order to prevent infections between clients, but that should be either done on Linux or a non-important Windows machine that is not connected to the important network.
    Third, they can have a regular USB that is used across computers (even infected ones) if they make sure it's clean and then copy the necessary programs into it. Then they can make it write-protected and use that tool that fills the USB drive with garbage that makes it nearly impossible to copy new files to it.
    This procedure is something that is being studied and discussed by many Bitcoin users. Strong security involves the use of a "cold/offline" machine where private keys are stored to sign btc transactions. The signatures are carried back and forth between online and offline computers many times. USBs are used by many due to convenience, but precautions must be taken so you don't get pwn'd.
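The "make sure it's clean" and "fill the drive with garbage" steps from the post above, as an added example that is not from the thread or from any tool it mentions: a known-good manifest taken on the trusted Linux host and re-checked before every visit, plus a filler routine. It assumes the stick is mounted at the directory you pass in and that the manifest is kept on the host, never on the stick.

```shell
#!/bin/sh
# Added example (not from the thread): verify a tool USB against a known-good
# manifest taken on a trusted Linux host, and fill its remaining space so
# nothing new can be copied onto it. Assumptions: the stick is mounted at the
# directory passed as $1, and the manifest file lives on the host.
set -eu

# usb_manifest DIR OUTFILE: sha256 of every regular file under DIR, in a
# stable order, written to OUTFILE (keep OUTFILE off the stick).
usb_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum ) > "$2"
}

# usb_verify DIR MANIFEST: returns 0 if the tree matches the manifest exactly;
# returns 1 and prints the differences (files added, removed or altered) otherwise.
usb_verify() {
    current=$(mktemp)
    usb_manifest "$1" "$current"
    if cmp -s "$2" "$current"; then
        rm -f "$current"
        return 0
    fi
    echo "MISMATCH: $1 differs from known-good manifest $2" >&2
    diff "$2" "$current" >&2 || true
    rm -f "$current"
    return 1
}

# fill_free_space DIR: consume all remaining space with filler files so that
# copying anything further onto the stick fails with "no space left".
# Written in 4000 MiB chunks because a single FAT32 file is capped at 4 GiB.
# This only blocks writes; it is no substitute for a hardware write-protect switch.
fill_free_space() {
    i=0
    while dd if=/dev/zero of="$1/.filler$i" bs=1M count=4000 2>/dev/null; do
        i=$((i + 1))
    done
    sync
}

# Typical workflow on the clean host (not run automatically):
#   fill_free_space /media/toolusb                 # after loading the tools
#   usb_manifest /media/toolusb ~/toolusb.sha256   # filler files are hashed too
#   usb_verify /media/toolusb ~/toolusb.sha256     # before every support visit
```

Because the filler files are part of the manifest, verification also notices if one of them was deleted to free space, at the cost of hashing the whole stick each time.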