Slashdot Mirror


USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems

Reader itwbennett writes: A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, Notepad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we analyzed, it was configured to steal all data files such as images or documents, the whole Windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called 'WinAudit'," the ESET researchers said. The stolen data was saved back to the USB drive and was encrypted using elliptic curve cryptography. Once the USB drive was removed, there was no evidence left on the computer, the ESET researchers added.

1 of 83 comments

  1. Won't work on APK Hosts File Engine: Why? by Anonymous Coward · Score: 0, Troll

    See subject: I protect my portable program via a method I extolled @ "CODING FOR DEFCON" here years ago which was up-modded for its technique, one EVERY exe should use imo as it acts as "native/built-in" antivirus protection in the program itself -> http://it.slashdot.org/comment... where I check exe size @ startup of the program - if it differs? Program will NOT operate...

    * This thing, IF I understood its description correctly per the source article's analysis, NEEDS to alter .exe size or .DLL function call tables exported (or exe "jump tables"), in order to operate - add even 1 BYTE to my program (which has NO external DLL dependencies (other than OS api) or DLLs it ships with (none, it's a stand-alone single portable Win32 PE executable))? See above.

    (It works...)

    APK

    P.S.=> Anyone see this differently, or did I miss something (only cursory read of the article here is why I ask)? Feel free to correct me... apk
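
Added example, not part of the original story or of the comment above: the comment describes a size check on one executable at startup; this sketch goes beyond that and compares a whole portable-application directory against a trusted baseline, so same-size content changes and files that were not there before are also reported. The function names, the file names and the sample bytes are constructed for illustration, and it assumes the baseline is kept somewhere other than the USB drive being checked.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root to (size, SHA-256 hex digest)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return files


def compare(baseline, current):
    """Return sorted (finding, path) pairs where current departs from baseline."""
    findings = []
    for path, (size, digest) in baseline.items():
        if path not in current:
            findings.append(("missing", path))
        elif current[path][0] != size:
            findings.append(("size-changed", path))
        elif current[path][1] != digest:
            findings.append(("same-size-content-changed", path))
    findings += [("unexpected-file", p) for p in current if p not in baseline]
    return sorted(findings)


def demo():
    """Run the check on a constructed directory (sample data, not real binaries)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "plugins"))
        exe = os.path.join(root, "app.exe")
        with open(exe, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        baseline = snapshot(root)  # in practice, store this off the USB drive
        with open(exe, "wb") as fh:  # same length, different content
            fh.write(b"MZ" + b"\x01" * 62)
        with open(os.path.join(root, "plugins", "extra.dll"), "wb") as fh:
            fh.write(b"constructed")  # file that was not in the baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, path in demo():
        print(finding, path)
```

Running the comparison from a separate, trusted machine keeps the check itself out of reach of whatever may have modified the drive.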