Malware: The Gift That Keeps on Giving

Friday, June 02, 2017

Topher Tebow


USB was game-changing when it was introduced in the late '90s. The ability to plug a new device into your computer without needing to shut it down first changed our lives forever. Today, we take this for granted, and are constantly attaching and removing devices without a second thought - but you should be thinking about it.

The Gift

Recently, our office had some new desks installed, and the company that installed them decided to leave a gift on each of the new desks: a branded USB hub. This seems harmless enough to most people, but, of course, our ever-suspicious curiosity took over.

We weren’t expecting these USB hubs. They were just sitting on our new desks when we arrived in the office on Monday morning. Naturally, we decided to tear into a few of them and see what they were made of. These hubs had a strange numbering system for the ports, but nothing else seemed out of place. There was a single chip controlling the flow of data through the hub. In our case, they turned out to be harmless USB hubs, but that isn’t always the case. Seemingly harmless USB devices have been found to contain malware in a number of cases.

Reputable Devices

IBM recently released a Flash (Alert), in which they disclosed that a Trojan, part of the Reconyc Trojan malware family, had been found in the USB flash drives they provide with the initialization tool for some of their Gen 1 Storwize systems. The malware finds its way onto your system by hitching a ride with the initialization tool when it copies itself to a temporary folder on your hard drive.

In this case, the drives were part of a product provided by a reputable company. You wouldn’t expect to receive malware from IBM, so the natural response is to trust the drive and run the application it contains. With any new USB drive, it is always a good idea to scan it with your antivirus software before running any applications it contains.

Innocent Devices

Programmable keyboards and mice contain a small amount of memory, which could potentially be loaded with malicious software. Even USB chargers for vape pens have been found to contain malware. The more modern boxes for vapes often even contain memory, and can be plugged directly into a USB port for charging and firmware updates. Even devices that don’t typically contain memory could have additional devices included within the casing to hide malware, or could have their firmware infected with something like BadUSB.

Any USB device has the potential to infect your computer. There is no such thing as a trustworthy USB device, especially the first time you use it.
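The following added example, which is not from the original article, reads what each attached USB device announces to a Linux host through sysfs and lists interface classes beyond the ones its label implies, such as a hub that also enumerates as a keyboard. The sample tree, its vendor and product IDs, and the function names are constructed for illustration.

```python
import os, tempfile

# USB-IF base class codes relevant here (from the USB specification).
CLASS_NAMES = {0x03: "HID (keyboard/mouse)", 0x08: "Mass Storage", 0x09: "Hub"}

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def enumerate_usb(root="/sys/bus/usb/devices"):
    """Map each USB device to the interface classes it announced to the host."""
    devices = {}
    names = sorted(os.listdir(root))
    for name in names:                      # pass 1: device nodes, e.g. "1-2"
        vid = _read(os.path.join(root, name, "idVendor"))
        if ":" not in name and vid:
            pid = _read(os.path.join(root, name, "idProduct"))
            product = _read(os.path.join(root, name, "product")) or "?"
            devices[name] = {"id": f"{vid}:{pid}", "product": product, "classes": set()}
    for name in names:                      # pass 2: interface nodes, e.g. "1-2:1.0"
        parent = name.split(":")[0]
        cls = _read(os.path.join(root, name, "bInterfaceClass"))
        if ":" in name and parent in devices and cls:
            devices[parent]["classes"].add(int(cls, 16))
    return devices

def unexpected_classes(device, expected):
    """Interface classes a device exposes beyond what its label implies."""
    extra = sorted(device["classes"] - set(expected))
    return [CLASS_NAMES.get(c, f"class 0x{c:02x}") for c in extra]

def build_sample(root):
    """Constructed sysfs tree: a 'hub' that also enumerates a HID interface."""
    files = {"1-2/idVendor": "1234", "1-2/idProduct": "abcd", "1-2/product": "Branded Hub",
             "1-2:1.0/bInterfaceClass": "09", "1-2:1.1/bInterfaceClass": "03"}
    for rel, value in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)                   # constructed data, not a real device
        for dev, info in enumerate_usb(tmp).items():
            print(dev, info["id"], info["product"], unexpected_classes(info, {0x09}))
```

This only shows what a device announces to the host at enumeration; it does not inspect firmware or files stored on the device.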

Suspicious Devices

As far back as 2011, there have been studies regarding USB devices dropped in parking lots, and how many people will plug them in. A study just last year found that nearly half of the devices dropped were plugged in by the person who found them. Even season 1 episode 6 of Mr. Robot features Darlene dropping infected flash drives in a prison parking lot to gain access to the prison’s network. Any device you don’t purchase should be considered suspicious, and should not be plugged into a computer. If you do plug it into a computer, it should be one that is not connected to a network, and one that you don’t mind completely wiping and reinstalling the operating system on after you’ve plugged in the device.

How Do I Stay Safe?

I’ve hopefully scared you sufficiently away from USB devices, but there are times when you will need to replace a keyboard or other USB device, and these are generally safe to use. If you do purchase a USB drive that has software pre-installed, be sure that you scan it with your antivirus software before running any of the installed applications. If you or your employer did not purchase the device, don’t plug it into your computer. If the device was found on a business or school property, just turn it in to lost and found. Always be wary of unfamiliar USB devices; you never know what might be lurking in the darkness.

About the author: Topher Tebow is a Web Security Research Analyst at SiteLock, with over seven years of experience in web hosting and website security. When he is not helping rid the world of malware, he is spending time with his family, working on sound for independent films, and fighting human trafficking.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.