Wednesday, October 1, 2014

BEWARE Flash Drives Can Deliver Computer Viruses

The majority of us no longer use disks to share files since the advent of flash drives. Instead, most now share via thumb drives inserted into the USB port. Along with that come new dangers from viruses and malware.

The number one danger comes from leaving a thumb drive inserted while booting up. This can allow these bad guys to reprogram the USB firmware. Once that happens even a clean install from scratch won't solve the problem. So it's important to take precautions that will prevent this from happening in the first place.

The first line of defense is to disable the "autoplay" feature in Windows.
(1) On the start menu, type in the word "autoplay" (without the quotes).
(2) Uncheck the box "Use Autoplay for all media and devices".

The second line of defense is to have really good antivirus protection software installed. In my case I use 'Norton', so this suggestion is specific to it. Go to the 'settings' menu and make sure the settings are what you see here, specifically "Auto Protect- Removable Media Scan" and "Enable Boot Time Protection".

Note I also changed my boot time protection to "aggressive". The reason for that is Norton starts scanning at the earliest time possible after the power button is pushed.

Contaminated Flash Drives Can Contain The Following Risks
Opening up files on a thumb drive may not always be caught by an antivirus program. They may not even show up as they set about to infect the computer. Some will install commands that will start a set of instructions on the next boot up. Those instructions exploit a weakness found in nearly every computer that allows the USB firmware to be updated without oversight with whatever the hacker designed it to do. Once that happens it cannot be removed. As far as I know there is no known 100% effective method to get rid of it.

Some things it is said that this hack can do are:

(1) Emulate keyboard commands. This opens the system up, creating all kinds of unimaginable havoc without the operator pressing a single key. It allows the malware to reproduce and propagate itself who knows where by issuing a set of keyboard commands unknown to the user while it's happening. It can also record keystrokes in the background undetected, thus recording passwords and whatever else a user may be doing through the keyboard.

(2) Create a fake network. When computers look for a network they will always look first for a wired network controller before a wireless one, hence go to the fake. This spoofed network can then remain undetected while it forwards everything first through the malware before sending signals to the wireless. All this happens invisibly in the background, undetected by the user. The danger in all this lies within the DHCP (Dynamic Host Configuration Protocol) server, the function of which is to spoof the DNS (Domain Name System) every computer uses to go online. This allows a hacker to receive a user's information on everything they do online, while at the same time remaining invisible while it's happening.
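Items (1) and (2) both come down to a drive announcing itself to the computer as a keyboard or a network adapter. The following added example (not part of the original post) compares the USB interface class codes a device announces with the role the user expects of it; the device inventory, the names and the `expected` field are constructed for illustration.

```python
"""Added example: compare the roles a USB device announces with the role expected of it."""

# USB-IF interface class codes; interfaces below are (class, subclass, protocol).
MASS_STORAGE = 0x08
HID = 0x03
HID_PROTOCOL_KEYBOARD = 0x01
CDC_CONTROL = 0x02
CDC_NETWORK_SUBCLASSES = {0x06, 0x0D}  # Ethernet models ECM and NCM
RNDIS = (0xE0, 0x01, 0x03)             # triple commonly used by RNDIS adapters

# Constructed inventory: "expected" is what the user believes was plugged in.
FLASH = (0x08, 0x06, 0x50)             # SCSI transparent, bulk-only transport
SAMPLE_DEVICES = [
    {"name": "plain flash drive", "expected": "storage", "interfaces": [FLASH]},
    {"name": "flash drive that also types", "expected": "storage",
     "interfaces": [FLASH, (0x03, 0x01, 0x01)]},
    {"name": "flash drive that also networks", "expected": "storage",
     "interfaces": [FLASH, (0x02, 0x06, 0x00), (0x0A, 0x00, 0x00)]},
    {"name": "flash drive with only a keyboard interface", "expected": "storage",
     "interfaces": [(0x03, 0x01, 0x01)]},
    {"name": "desk keyboard", "expected": "keyboard",
     "interfaces": [(0x03, 0x01, 0x01)]},
]


def interface_roles(interfaces):
    """Map interface descriptors to coarse roles; unlisted classes are ignored."""
    roles = set()
    for cls, sub, proto in interfaces:
        if cls == MASS_STORAGE:
            roles.add("storage")
        elif cls == HID and proto == HID_PROTOCOL_KEYBOARD:
            roles.add("keyboard")
        elif (cls == CDC_CONTROL and sub in CDC_NETWORK_SUBCLASSES) or (cls, sub, proto) == RNDIS:
            roles.add("network")
    return roles


def unexpected_roles(device):
    """Roles the device announces beyond the single role the user expects."""
    return sorted(interface_roles(device["interfaces"]) - {device["expected"]})


def flag_devices(devices):
    """Return {device name: unexpected roles} for every device that has any."""
    return {d["name"]: extra for d in devices if (extra := unexpected_roles(d))}


if __name__ == "__main__":
    for name, extra in flag_devices(SAMPLE_DEVICES).items():
        print(f"{name}: unexpected role(s): {', '.join(extra)}")
```

On a real system the triples come from the operating system's USB device listing; a keyboard that does not declare the boot keyboard protocol would not be recognised by this coarse check.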

I suggest that before anyone plugs in another flash drive again, they first change all those settings I recommended. Then when the thumb drive is plugged in, run a virus scan on it manually even if it's brand new right out of the box. Use this procedure to check all the flash drives lying around even if they've been used before in the computer. This is to be sure it's not already too late for you.

I further suggest, if you want to go one step further just to be sure something is not still hiding on a flash disk (even a new one), that you "format" it before clicking on it. Just remember 'formatting' will erase everything on the drive, even the files already stored on it.
