Slashdot Mirror

← Back to Stories (view on slashdot.org)

Criminals Distribute Infected USB Sticks In Parking Lot

Posted by Unknown on from the our-dear-friend-social-engineering dept.

New submitter sabri writes "The Dutch news-site Elsevier is reporting that cybercriminals attempted to steal data from a multinational chemicals company by 'losing' spyware-infected USB sticks on the company's parking lot. Their attempt failed as one of the employees who found the stick dropped it off at the company's IT department, who then found the spyware and issued a warning. So next time, don't expect to find someone's dirty pictures on a USB stick you just found..."

16 of 298 comments (clear)

  1. just mount it in Linux by awollabe · · Score: 4, Interesting

    and laugh at the windows auto-loader files they tried to get you with.

    Seriously, I found a "trick" USB stick in my work mailbox once, which turned out to be a test from our IT department that, if you loaded it (in Windows), would direct you to an obligatory computer security training program. After I called them about it, they let me keep it.

    1. Re:just mount it in Linux by bill_mcgonigle · · Score: 4, Interesting

      If the USB device can present itself as the right item, it can potentially do more damage than "just" a drive or filesystem with malware on it.

      I forget the exact mode of attack, but some will nudge the mouse a pixel or two every minute or so to prevent the screensaver from kicking on, and then after some period of user inactivity will begin doing the nefarious bits. I suppose it's easy to kick off a cmd shell from that point and script the attack.

      I'd imagine the non-mouse/keyboard part of the "drive" is baited with good porn or addictive games to encourage its continued presence. Anyway, you can scan it all you want, the drive is clean.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Cool, free thumb drive! by toygeek · · Score: 5, Interesting

    dd if=/dev/zero of=/dev/[usbdrive]

    voila, free thumb drive, malware free.

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
    1. Re:Cool, free thumb drive! by Anonymous Coward · · Score: 2, Interesting

      The USB device just needs to look for typical access patterns to determine what kind of system it's plugged into. It can look like a completely normal USB mass storage device to both systems, just with a different payload depending on the way it's accessed by the host.

      A USB thumb drive isn't limited to being a USB mass storage device either. It could pose as a keyboard and send key sequences to open a shell and send files to a server on the internet.

      This just goes to show that Linux isn't immune against user stupidity either. Where Windows users are ignorant, Linux users are smug, and that makes them just as vulnerable.

  3. This is discussed in... by Darth_brooks · · Score: 4, Interesting

    This technique is discussed in "Metasploit - The penetration testers guide" ( http://shop.oreilly.com/product/9781593272883.do )

    Excellent book by the way. After reading it, you'll never look at computer security the same way again, and may very well just switch to an Abacus with a box of crayons on top.

    --
    There are some people that if they don't know, you can't tell 'em.
  4. Re:why would you run something from it? by petermgreen · · Score: 3, Interesting

    There are a few factors

    1: the dominant operating system has blurred the line between running executables and opening data files. Then they went even furher and introduced autorun to make users live's easier. They have tried to put theese genies back in the bottle but it's difficult to do without introducing a load of pain for users.
    2: Even if the OS doesn't have the above problem a USB stick could be put together that enumerated as a keyboard as well as a mass storage device, it could then do pretty much anything the user can do (though it has to do it blind).
    2: the natural assumption when finding a USB stick in the company parking lot is that a co-worker dropped it. Therefore the natural thing to do is to try and determine who owns it so it can be returned to it's rightful owner. Deternining who owns it generally requires looking at the contents

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  5. Re:Expensive by wierd_w · · Score: 4, Interesting

    Personally, I'd target smartphones.

    If I were a malicious programmer out to get corporate dirt, I would release a "perfectly harmless" appstore game or business applet. This applet does not in any way harm the phone, or call home. What I does instead is drop some binaries on the root of the internal sdcard or flash memory storage device to mimic this attack.

    This has several advantages:

    1) you can update your penetration package as part of an app update, which the user won't catch.

    2) you can target a device frequently demanded to be added to device exception lists, such as corporate CEOs insisting their iBone be able to sync their corporate email.

    This gives you a mostly unprotected path to the mailserver if the package delivery mechanism is done right.

    In the case of android phones at least, you can control how the device talks to the computer, and what HID classes it wants. This could let the phone operate as a hardware keylogger, etc.

    Seriously, smartphones are a torpedo.

  6. Re:Thats what virtual machines are for. by Anaerin · · Score: 4, Interesting

    Just because it looks like a memory stick, doesn't mean it actually is one. Put a microcontroller in there with a USBHID type program and you've got a keylogger, or some other remote access system just waiting to be triggered.

  7. Re:Expensive by GumphMaster · · Score: 4, Interesting

    In certain military environments I worked in the USB, Firewire, and microphone ports were immediately filled with epoxy and (where possible) disconnected from the motherboard.

    --
    Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
  8. Personal Story by schklerg · · Score: 4, Interesting

    So a coworker found a usb key in the parking lot and wisely didn't plug it in. Instead he asked me to check it out before he did. So dutifully I fired up my live CD, plugged it in and quickly saw it belonged to a coworker. But which one in a company of 300+? Well, that was actually pretty easy to figure out, since there was a nice folder with pictures of himself naked in a mirror. Many of them. All alone. So I gave the guy the USB key, told him what I'd seen, washed my hands (and disinfected my cubicle) and was sooooo glad when the photographer took a different job.
    So there may be a virus, or maybe just a lonely coworker.

    --
    Be Excellent To Each Other
  9. Contest by chrismcb · · Score: 4, Interesting

    Wouldn't it be more productive to give them away? As in brand them with the name of a product, and literally give them away at a place where they employees visit. I think someone would be much more likely to use a USB given to them at a "legitimate" event, than one found on the ground.

  10. Re:Thats what virtual machines are for. by Anonymous Coward · · Score: 5, Interesting

    We had a couple turn out in our parking lot that when plugged in showed up as a hub that was connected to a usb drive, cd drive and a keyboard. The last one was tricky. After being plugged in, it would install the devices one by one and try to run them, if that didn't work, it registered as a keyboard and tried to put the input of windows key+r then iexplore websiteURL. That last one took me by surpise, as I'd never seen it before.

  11. Re:Thats what virtual machines are for. by dryeo · · Score: 3, Interesting

    The quadrillion bacteria happily living in your guts would disagree, and depending on the type of their population they'll even change your behaviour.
    http://www.sciencedaily.com/releases/2011/05/110517110315.htm

    --
    https://en.wikipedia.org/wiki/Inverted_totalitarianism
  12. Speculation vs Investigation by Anonymous Coward · · Score: 4, Interesting

    The 'cyber criminals planted the usb sticks in an attempt to steal data'... stuff doesn't come from investigation, it comes from speculation. It could simply have been an infected USB stick an employee threw away or dropped.

    DSM is really a boring chemicals business, employing tens of thousands of people. The chances of spyware getting past anti virus software and onto the right persons computer is pretty damn slim.

    So it looks more like projection to me. There's a lot of talk about cybercriminals as part of the 'cyberwar' budget requests. This was a lost USB key infected. IT dept projects the cyberwar onto their company and assumes it was a cyberattack and not some piece of crapware. Cyberwar lobby grabs the story and pumps it up for their own agenda.

  13. Re:Expensive by Anonymous Coward · · Score: 5, Interesting

    dud example

    There are no examples, and the "5 easy steps" from the linked page haven't worked for years.

    One of the reasons Linux is more secure is that the community responds far more quickly to potential threats.

    Hairyfeet always gets to +5 with votes from the Apple/Windows crowd here, but he's never been able to show a single current instance of actual Linux malware in the wild. Much like the 235 patents, it's always threats from the future or the past.

  14. Re:why would you run something from it? by Hognoxious · · Score: 4, Interesting

    Since ./ is a liberal cesspool

    The contents of your current working directory are of no interest to me.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."