USB flash drive threats

Discussion in 'malware problems & news' started by 33AWS, Jun 19, 2011.

Thread Status:
Not open for further replies.
  1. 33AWS

    33AWS Registered Member

    Joined:
    Jun 17, 2011
    Posts:
    12
    What kind of threats exist when it comes to USB flash drive?

    I am trying to protect myself against USB flash drive threats and I have came to the following conclusions:

    1) Autorun.inf threat (auto execute malware as soon as the flash drive is plugged in)

    2) Exploits (like the .LNK exploit)

    3) Infected files on the malware

    Are there are ny other threats? For example: can USB flash drives have rootkit?

    Thanks
     
  2. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    How well would something like Panda USB Vaccine work for USB drives?
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I know Panda works fine for number 1 on FAT/FAT 32 formatted USB drives (I tested this on active malware.) It probably works for NTFS too but I've not tested that out. While others have their favorite way to deal with number 1, Panda's USB Vaccine is my favorite.

    Number two is handled if you run a fully patched Windows PC from XP and higher. MS released Microsoft Security Bulletin MS10-046 in August 2010 that addressed this.

    If I understand what 33AWS means, IMO, number 3 is not an issue if the malware is not executed. Any good antivirus could be used to scan for and delete any nasty stuff.
     
  4. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    A few possible means of protection:

    1. Disable Autorun the "correct" way. Better still, default-deny policy or app such as Anti-executable/SRP/Applocker.

    2. Patch/Update the system. Employ workarounds or 3rd-party tools.

    3. If it's something that you're going to execute on purpose, use antivirus/anti-malware for detection, HIPS to detect anomaly, or a sandbox/light virtualization to run the file in a 'contained' environment.
     
  5. 33AWS

    33AWS Registered Member

    Joined:
    Jun 17, 2011
    Posts:
    12
    Hey.

    Thanks for all your replies. At first I wanted to see what kind of threats USB flash drives can bring. I agree that number 3 can be discussed if it is really a threat... so I think Autorun and Exploits are the major threats.

    Are there any other threats beside these two that you have to worry about when it comes to USB flash drives?
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,824
    Yes there certainly are.
     
  7. 33AWS

    33AWS Registered Member

    Joined:
    Jun 17, 2011
    Posts:
    12
    Well.. which threats then?
     
  8. 33AWS

    33AWS Registered Member

    Joined:
    Jun 17, 2011
    Posts:
    12
    Anyone got any idea about other threats when it comes to USB flash disks?
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    For me, you've covered the basics of malware related issues... that being autorun related problems and actual infected drives.

    IMO, the other things are user caused issues. Two biggies being exposure to static electricity or removing the drive from a computer when still being read from or written to.
     
  10. x942

    x942 Guest

    The teensy or arduino are huge threats. Look here http://forums.hak5.org/index.php?showforum=56. The device acts as a HID and can inject keyboard and mouse controls at very fast speeds which can be used maliciously
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    How would 1 and 2 operate in a partition not recognised by Windows, what Gparted might call "unallocated space"?
    What file systems are there that Gparted would lable as unallocated?
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I think another possible threat is booting into a flash drive with infected VBR.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    OMG surely there's a better way. That looks pretty scary.
     
  14. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    if you have a version of windows that will let you edit group policy, gpedit.msc has a nice and easy to configure way of setting autoplay and autorun settings in Administrative templates
     
Loading...
Thread Status:
Not open for further replies.