Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

USB Virus, lovely!

 
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Mon Jan 05, 2009 5:12 pm    Post subject: USB Virus, lovely!

Well, not specifically USB as it appears to target the root of any writable media, but I had a nasty bug on an infected laptop try to whack one of my thumb drives today. A few things I found looking it up....

http://www.techsupportforum.com/microsoft-support/windows-xp-support/315657-recycled-boot-com-not-valid-win32-application.html

http://answers.yahoo.com/question/index?qid=20080927041605AAG9pH0

http://www.techspot.com/vb/topic118473.html
(looks like this has been around for a while)

Anyone have opinions on this recommendation?

http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

Okay, I'm off to shop for an Ironkey... Wink
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

Posted: Mon Jan 05, 2009 6:41 pm

been around awhile

http://sparksspace.blogspot.com/2008/08/how-to-clean-virus-infected-flash-drive.html

http://www.bleepingcomputer.com/forums/topic128514.html
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 20 Dec 2014
Posts: 10346
Location: at the beach

Posted: Mon Jan 05, 2009 9:08 pm

I've been looking at the Ironkey also. Do you know if any retail stores sell them? I looked some time ago and could not find any.

If anyone wants to check it out...

https://www.ironkey.com/
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Tue Jan 06, 2009 6:11 am

I haven't found it retail yet. I'll probably go with Thinkgeek:

http://www.thinkgeek.com/gadgets/security/99f1/

Their price for the basic 4GB beats this:

https://store.ironkey.com/basic

Thinkgeek doesn't offer the 8GB flavor, but $200+ makes me cringe, and I don't plan to load the thing up with MP4s anyway. Besides I want the geekpoints. Very Happy
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
Proactive Services
Security Expert


Joined: 06 Feb 2006
Last Visit: 24 Jun 2009
Posts: 169
Location: Hampshire, UK

Posted: Thu Jan 08, 2009 3:16 am

I've come across such malware twice in the last few months. One came from an iPod which NOD32 nabbed, thankfully. Other one was at a 20+ PC installation...what a mess that was!
_________________
Adam Piggott, Proprietor, Proactive Services (Computing)

Professional, friendly computer support in Hampshire, UK.
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Fri Jan 16, 2009 11:18 am

They may be after more than just $49.99 per victim...

http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=TRX1XWCD5MAYGQSNDLOSKH0CJUNN2JVN?articleID=212900793

Quote:
The perpetrators have been cranking out new variants of the worm to evade detection, and, so far, its main mission has been pushing rogue antivirus software.


And to tie it together....

http://www.theregister.co.uk/2009/01/15/conficker_worm/

Quote:
The malware also infects removable devices and network shares using a special autorun.inf file.


Hmmmm. The infestation that snapped at my thumb drive came from a machine riddled with (among other things) "Windows Antispyware 2009". Nice.

This is an interesting read:

http://www.f-secure.com/weblog/archives/00001579.html

Quote:
A very large part of that traffic is coming from corporate networks, through firewalls, proxies, and NAT routers. Meaning that one unique IP address that we see could very well be 2,000 infected workstations in real life.


Oh, ugh.
Confused
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 20 Dec 2014
Posts: 10346
Location: at the beach

Posted: Fri Jan 16, 2009 9:41 pm

Conficker / Downadup are really nasty beasts. Some detailed info here:

http://blog.trendmicro.com/security-policy-for-dummies-how-to-avoid-worm_downad-infection/

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VNAME=WORM%5FDOWNAD%2EAD+URLs&Page=

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDOWNAD%2EAD&VSect=T
check out the list of passwords used in the dictionary attack

Advice from Microsoft on dealing with this:
http://support.microsoft.com/kb/962007

Instructions for disabling autorun for usb devices:
http://msdn.microsoft.com/en-us/library/cc144204.aspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93502.mspx?mfr=true
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Writer
Warrior


Joined: 28 Feb 2007
Last Visit: 05 Oct 2009
Posts: 57

Posted: Mon Feb 23, 2009 6:22 pm

I have a question about USB viruses, though not specifically this one. Obviously the best way to protect yourself from a USB virus would be to only use USB drives that don't have viruses on them, but is having autorun disabled and scanning the USB drive before you open it a way to make sure you don't get infected? Or can a USB virus still get on your computer even if you have autorun disabled and do a virus scan?
Proactive Services
Security Expert


Joined: 06 Feb 2006
Last Visit: 24 Jun 2009
Posts: 169
Location: Hampshire, UK

Posted: Tue Feb 24, 2009 2:58 am

If autoplay is *properly* disabled then I do not believe that infection can occur automatically, unless it leverages an exploit in Windows in the future.
_________________
Adam Piggott, Proprietor, Proactive Services (Computing)

Professional, friendly computer support in Hampshire, UK.
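
Added example, not part of any post in this thread: a Python check for the "look at the drive before you open it" step asked about above. It lists what an autorun.inf file (the mechanism in the quoted Register article) would launch. The key names follow Microsoft's documented autorun.inf format; the folder and extension heuristics and the sample file are assumptions made for illustration.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
RISKY_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)
HIDING_DIR = re.compile(r"(^|[\\/])(recycler|recycled)[\\/]", re.I)

def launch_entries(text):
    """Return (key, value) pairs from [autorun] that start a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Junk lines without '=' are skipped, not treated as errors,
        # so padding cannot hide the real directives from this check.
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            found.append((key.lower(), value))
    return found

def triage(text):
    """Return (key, value, reasons) for every launch directive."""
    report = []
    for key, value in launch_entries(text):
        reasons = []
        if HIDING_DIR.search(value):
            reasons.append("target inside a recycle-bin folder")
        if RISKY_EXT.search(value):
            reasons.append("target is an executable or script")
        report.append((key, value, reasons))
    return report

# Constructed sample for illustration, not taken from a real infection.
SAMPLE = r"""
[AutoRun]
qwertyuiop junk line with no equals sign
Open=RECYCLER\example.exe
icon=drive.ico
shell\explore\command=tools\viewer.exe
"""
if __name__ == "__main__":
    for key, value, reasons in triage(SAMPLE):
        print(f"{key} -> {value}: {'; '.join(reasons) or 'review manually'}")
```

Read the file as text from a machine where autorun is disabled; any launch directive on a drive that is only meant to hold documents deserves a closer look.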
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Tue Feb 24, 2009 9:36 pm

The key there is properly (and thoroughly).

The flip side of the coin is to make sure your thumb drives aren't at risk of getting compromised by an infected pc. I've been busy shoring up my defenses on that front - I don't need my critical toolkit rendered useless by a computer that I'm trying to rescue! Confused
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook

Posted: Sun Mar 08, 2009 4:02 pm

My habit is to throw me saver toolkit on a CD Rom. Viruses have a HELL of a time trying to infect one!
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Mon Mar 09, 2009 7:28 am

Yep, me too. My newest plaything is a Puppy Linux bootable CD. That un' is a tough nut to crack. The downside is I have a hell of a time updating tools on a CD. Wink I can't just burn new CDs every other week or so - my budget's so tight these days it squeaks going into a turn... Rolling Eyes
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 24 Nov 2014
Posts: 1073
Location: CenTex

Posted: Mon Mar 09, 2009 9:13 am

If you handle a lot of media that may contain unknown auto-runs and you don't have 'auto-run' disabled, you might be interested in the USB Firewall.

Since NOTHING can initiate on our sys without prior admin approval, I don't need this or any other kinds of anti-malware wares. However, I understand this tool works great and with a lightweight footprint.

Ref; http://www.net-studio.org/application/usb_firewall.php

Direct DL; http://www.net-studio.org/software/USB_FW.rar

HTH
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Tue Mar 10, 2009 5:43 am

I'll check that out, thanks. I do have autorun disabled six ways from Sunday, but I know a lot of people who don't. My potential problem is rather the opposite; we handle a lot of pcs that contain unknowns, and a lot of our tools are on thumb drives. I think I've got us covered on that front - for now.

I suspect though it's only a matter of time before we get a call for help from someone with an infected thumb drive. We know for sure of one that's loose in the locality, but the user is in denial. He's brought down one network we've seen (and repaired) first hand, but it belonged to a church so they forgave him and opted not to pursue the matter.

So I guess we just wait until he blows up something that belongs to a less forgiving group and we get a call from them. Rolling Eyes
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
All times are GMT - 8 Hours