virus from usb flash drive?

luv2liv

My friend said his computer is infected now. All he did was pop the USB drive into his PC to see if it was empty or not.
He saw there were movie files BUT he swears he did not open any.
How is it possible he got infected, or did he lie? If it is possible, then how can I prevent people inserting their USB into my machine?
 

[DHT]Osiris

> My friend said his computer is infected now. All he did was pop the USB drive into his PC to see if it was empty or not.
> He saw there were movie files BUT he swears he did not open any.
> How is it possible he got infected, or did he lie? If it is possible, then how can I prevent people inserting their USB into my machine?

In short: yes. There are myriad exploits available that can easily infect a machine if you plug a USB into it.

General rule: Don't plug in a USB that you don't own or didn't come out of a package. Assume it's infected.
 

UsandThem

Yup, malware from using an unknown/used USB drive is pretty significant:

https://www.howtogeek.com/203061/don’t-panic-but-all-usb-devices-have-a-massive-security-problem/
https://en.wikipedia.org/wiki/USB_flash_drive_security
> The prevalence of malware infection by means of USB flash drive was documented in a 2011 Microsoft study analyzing data from more than 600 million systems worldwide in the first half of 2011. The study found that 26 percent of all malware infections of Windows system were due to USB flash drives exploiting the AutoRun feature in Microsoft Windows.
 

balloonshark

I thought Windows killed Autoplay and Autorun by default. I still to this day hold down the left shift key when inserting a USB drive.
 

VirtualLarry

AutoRun malware is actually tame compared with what is really possible. Search out "BadUSB". Apparently, the actual underlying USB protocol allows infected USB drives to infect your motherboard's USB controller firmware, below the access of the OS, and vice versa, from "infected" USB host controllers to any USB flash drives plugged into them.

People wonder, but I buy a lot of BNIB flash drives, and I don't re-use them across machines, much if at all. Certainly NEVER plug in a USB flash drive of unknown provenance into your PC. (Note that with the above-mentioned "BadUSB", anti-virus apps can't even scan that low-level, at the level of controller and device firmware re-programming.)
 

Steltek

> AutoRun malware is actually tame compared with what is really possible. Search out "BadUSB". Apparently, the actual underlying USB protocol allows infected USB drives to infect your motherboard's USB controller firmware, below the access of the OS, and vice versa, from "infected" USB host controllers to any USB flash drives plugged into them.
>
> People wonder, but I buy a lot of BNIB flash drives, and I don't re-use them across machines, much if at all. Certainly NEVER plug in a USB flash drive of unknown provenance into your PC. (Note that with the above-mentioned "BadUSB", anti-virus apps can't even scan that low-level, at the level of controller and device firmware re-programming.)

+1

Pretty malevolent stuff. The hackers used to buy cheap low capacity USB drives in bulk which they'd then infect, relabel as being high capacity, then accidentally "lose" them a few at a time on the sidewalk in easily discoverable places outside stores.

I'm sure the folks that "found" them couldn't wait to get home to try them out.
 

UsandThem

Yeah, they even used them to infect air gapped equipment as well. Apparently, Iranian nuclear scientists and technicians were not immune to picking up free USB drives either.
The simple message is if people use unknown USB drives, download unknown programs / software, or click on unknown links / go to unknown sites, they're likely going to have a bad time. :p
 

amd6502

Is this a Windows-specific vulnerability?

I've long thought CD or DVD ROM media are the best and safest install methods. Some millennials think that's old school, nobody uses these, and wonder why the Linux ISOs are oriented towards USB sticks.

Well, it sounds like there's one reason.
 

mindless1

> My friend said his computer is infected now. All he did was pop the USB drive into his PC to see if it was empty or not.
> He saw there were movie files BUT he swears he did not open any.
> How is it possible he got infected, or did he lie? If it is possible, then how can I prevent people inserting their USB into my machine?

If he has autorun disabled, it is not very likely that it was the USB drive that caused his infection... more likely coincidence. I'm not suggesting "BadUSB" is impossible but rather, more of a concept than something you're likely to encounter unless you'd made yourself a target to someone technically capable of pulling that off.

It wouldn't be worth the bother to do it to random people, so where did this USB drive come from?

Movie files generally aren't capable of causing an infection. Granted, if something was named "Private.Ryan.exe", it probably wasn't a movie file at all.

First he should identify exactly what he's infected with. Next research the modes of infection. In some cases it could be hard to determine this, if the malware proceeded to download and execute more malware, but at first it is likely you can just look at the file dates. Most malware doesn't bother changing the dates.

Why would he lie? Mistaken about the cause possibly, I mean I am putting (known clean) flash drives in my computer all the time, so to notice an infection after using one wouldn't be surprising at all, particularly if it was the other way around, that instead of the malware coming from the flash drive, that it detected the flash drive being plugged in and proceeded to copy itself to it at that point. That seems far more likely if autorun was disabled.

How can you prevent people from inserting USB flash drives into your machine? It seems simple enough to me that you don't allow other people who you don't trust, to have access to use it. Surely you have a certain level of control over who has access to your possessions when you aren't around, for theft prevention if nothing else?
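
The checks raised in the post above (whether AutoRun had anything to launch, whether a "movie" is really an executable, and what the file dates say) can be run over a mounted drive without opening any file on it. This is an added example, not part of the original thread; the function names, extension lists and sample file names are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".lnk", ".vbs", ".js"}
MEDIA_EXTS = {".avi", ".mp4", ".mkv", ".mov", ".wmv", ".mpg"}

def parse_autorun(text):
    """Return (key, command) pairs that an autorun.inf asks Windows to launch."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command"):
                launches.append((key.lower(), value))
    return launches

def triage_drive(root):
    """Walk a mounted drive read-only and flag launch entries and executables."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name.lower())
            mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
            rel = os.path.relpath(path, root)
            if name.lower() == "autorun.inf" and dirpath == root:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for key, cmd in parse_autorun(fh.read()):
                        findings.append(("autorun", rel, f"{key}={cmd}", mtime))
            elif ext in EXEC_EXTS:
                # A media extension before the real one (movie.avi.exe) is a disguise.
                kind = "disguised" if os.path.splitext(stem)[1] in MEDIA_EXTS else "executable"
                findings.append((kind, rel, ext, mtime))
    return findings

def make_sample_drive(root):
    """Constructed sample: inert text files that only mimic suspicious names."""
    inf = "[AutoRun]\n; constructed\nopen=player.exe\nicon=movie.ico\nshell\\play\\command=player.exe /x\n"
    for name in ("autorun.inf", "player.exe", "holiday.avi.exe", "Private.Ryan.exe", "clip.mp4"):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(inf if name == "autorun.inf" else "x")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        make_sample_drive(drive)
        print(*triage_drive(drive), sep="\n")
```

The modification time in each finding is the file date to compare against when the infection was first noticed.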
 

amd6502

> If he has autorun disabled, it is not very likely that it was the USB drive that caused his infection... more likely coincidence. I'm not suggesting "BadUSB" is impossible but rather, more of a concept than something you're likely to encounter unless you'd made yourself a target to someone technically capable of pulling that off.

Well, it's already well known to exist. Demo'd at hacker conventions. Caught in the wild at security labs and torn apart. It's likely more common than thought. We forget Snowden and Kaspersky quickly.

Great stuff Larry; thanks.

> AutoRun malware is actually tame compared with what is really possible. Search out "BadUSB". Apparently, the actual underlying USB protocol allows infected USB drives to infect your motherboard's USB controller firmware, below the access of the OS, and vice versa, from "infected" USB host controllers to any USB flash drives plugged into them.
 

mindless1

^ Lions are known to exist too, but I have my doubts that I'm at much risk of attack. ;)
 

killster1

Yesterday in Vegas, walking on the street, I saw a guy drop a USB drive, most likely on purpose. I picked it up and threw it in the trash. It was small and had two metal pins exposed at the top; I thought it was going to shock me or something when I picked it up :) Strange, but no way do I need to check out someone else's USB drive. He was an Indian hipster looking guy; I think he saw me and dropped it on purpose. So strange, first time I saw it happen. (I actually found a USB drive behind my house before that had great MP3s, 12 years ago :p )

EDIT::: OK, I'm just paranoid lulululz. I researched the drive and it looks like a vape pen charger USB dongle thing :) Honestly I thought it might shock me when opening it ;)

 