The Unpatchable Malware That Infects USBs Is Now on the Loose

Discussion in 'Chit Chat' started by EFA11, Oct 3, 2014.

  1. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    Full Story: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/



    Say goodbye to your USB? Wut say U? :D
     
  2. nodnar

    nodnar MDL Expert

    Oct 15, 2011
    1,315
    1,040
    60
    #2 nodnar, Oct 3, 2014
    Last edited: Oct 3, 2014
    not tempted to go back to floppies.. :D or dvds.. :D just a pity such security vultures think they are doing something constructive, by making it public. as usual, i am afraid they are only in it for the money. again.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    I tend to agree. Nothing would stop them from working with the manufacturers if they truly wanted to. Sure it's tough to get big business to listen, but persistence and the right person would get the companies moving. I guess we will hear more on this one.
     
  4. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,394
    11,615
    240
    I've heard of a version of this where it would take document files and run them as exe files if you double clicked them.
    Honestly, protecting yourself from these sorts of things is just as easy as avoiding malware from downloading...
    You simply don't use suspicious devices.

    The major problem, of course would be if someone like the NSA intercepted packages from China, which makes all our USB stuff, and simply doctoring one of the cables with lookalikes.

    They've been doing it with usb flash drives for a while, but only recently have they been doing it with cables and other usb connections.
     
  5. nodnar

    nodnar MDL Expert

    Oct 15, 2011
    1,315
    1,040
    60
    hm. new to me.. naive walrus.. i have run my pc for over 2 years now.. and had no accidents, still as fast as ever. still, i have my doubts about calling prevention easy.. someone like nsa is not like a person to me.. it is like a criminal organisation.. not that i double click on suspect garbage, ohno.. and i have got some loose thoughts about what comes out of asia.. having been employed by huawei at one time.. just would like to mention that i never caught them at getting smart, over time..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. sid_16

    sid_16 MDL Giveaway Organiser

    Oct 15, 2011
    2,494
    5,362
    90
    Why worry about malware on it (usb) if autorun.inf is disabled.:p
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    lol only if it were that easy.
     
  8. KnowledgeableNewbie

    KnowledgeableNewbie MDL Member

    Sep 30, 2014
    178
    28
    10
    interesting, and scary. one problem, imho, is that as soon as these exploits are published every hacker in the world is going to try and reproduce it. there's no way to completely secure a computer accept disconnect from the internet, and that ain't happening. this is just goint to make it harder to try and secure.
     
  9. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    The source code (Written in C# and 8051 ASM) is available on GitHub for those who want to take a look at it.
    I won't publish the link, as this may be against MDL policy.

    Not all USB devices are compatible for use with this exploit, although I'm sure it will change as hackers start to tinker with it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. mockingbird

    mockingbird MDL Member

    Mar 13, 2011
    130
    13
    10
    I never left floppies.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...