USB Security

Tuesday, March 9, 2010 by Paul Weathersby
I started my profession with one of those help desk careers and quickly moved into a system administrator career.   This was followed by a focus in security where I was amazed at the cleverness of hackers and crackers.  

Around 2006 (I think), I came across a USB attack identified as Switchblade.  It used a special autorun loader on a U3-compatible USB key in an effort to capture information from Windows 2000, XP, or 2003 machines.  Although it required an account with administrative privileges to recover password hashes and IP information, it would do so in stealth mode without modifying the system.  And since most users run their computer with elevated privileges, it had a very good success rate.

Less than two years later, there were headlines that USCENTCOM - in charge of the wars in Iraq and Afghanistan - had their internal systems compromised due to an infected USB drive that was plugged into a desktop computer by a technician.  The desktop was connected to the network, but no details regarding the amount of damage were ever released.

This type of thing is still happening today.  US-CERT just announced that software that comes with the Energizer DUO USB NiMH battery charger is infected with a backdoor Trojan horse, capable of infecting Windows PCs.  Sophos detects the Trojan horse as Troj/Bckdr-RBF.  It's not quite clear whether the Energizer DUO USB NiMH battery charger shipped with the infected software, or whether it was made available by Energizer separately.

Either way, be careful when plugging anything into your computer!!!



