The Unpatchable Malware That Infects USBs Is Now on the Loose.


sid_16

It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer.

Full story: http://www.wired.com/2014/10/code-pu...le-usb-attack/

Would you say goodbye to your USB?
 

Cats-4_Owners-2

Would you say goodbye to your USB?
That is a good question! I use, on average, three to four different portable browsers. Although I sandbox these browsers using Sandboxie, the story's comments about our not even being able to tell if a flash stick is infected are disheartening.

Come on, Malwarebytes, develop an anti-exploit for USB flash drives!

Update: We do not have auto-run enabled, which is a good thing (right? :)), and depending upon which system it is that we insert a USB "stick" into, either Avast or ESET offers a scan of the drive.
If the USB is not infected and is write protected, then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them; until then, I was sure they were not infected... it was a nice feeling :)
This may be completely different from read/write protection, :rolleyes: but we do have "MC Shield 3.0.5.28", a free program which scans all flash drives coming and going on our 8.1 system.
A search revealed another free software, "USB Write Protect 2.0.0".
Does anyone use the latter, and if so, could we all benefit from this or something like it? o_O
 

Cch123

The newspapers always seem to hype up anything. There is nothing interesting about BadUSB. First, BadUSB is not malware itself. People need to get this right. It is simply firmware reprogramming of USB drives (I do not consider this to be a software modification), which can be used to inject malware into the system during boot time. The only reason why they say it is "unremovable" is because the USB drive is still infected even during complete reinstalls. The thing is, one of the most important rules of security is that the moment you let someone get to your device, it isn't yours anymore. Just follow this rule and they can't do anything with BadUSB.
 

Nico@FMA

Lol, 5 euro and I have a new 8GB USB.
Why worry about malware on it if autorun.inf is disabled? Lol
 

Solarquest

When you insert a USB device in the PC, what happens exactly? Doesn't the PC read the USB's firmware to know what is being attached? If this is infected, then shouldn't this firmware check be enough to activate the malware in the firmware? Why is a hardware write protection not so safe? If the USB is not infected and is write protected, then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them; until then, I was sure they were not infected... it was a nice feeling :)
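
As an added example (not part of any post in this thread): at enumeration the host requests the device's descriptors, and the device's own firmware supplies the answers, including the class of each interface. The Python sketch below parses a configuration descriptor and flags a storage device that also declares a HID interface; the descriptor bytes are constructed samples and the flagging policy is an assumption for illustration.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04      # standard descriptor types
CLS_HID, CLS_STORAGE = 0x03, 0x08         # USB-IF bInterfaceClass codes

def parse_interfaces(blob):
    """Walk a configuration descriptor set and return one
    (number, class, subclass, protocol) tuple per interface descriptor."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]   # wTotalLength, little-endian
    if total > len(blob):
        raise ValueError("wTotalLength exceeds captured data")
    found, off = [], 0
    while off < total:
        if off + 2 > total:
            raise ValueError("truncated descriptor header")
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > total:
            raise ValueError("malformed descriptor at offset %d" % off)
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            found.append((blob[off + 2], blob[off + 5], blob[off + 6], blob[off + 7]))
        off += length                               # skip endpoint/HID/other descriptors
    return found

def review(blob):
    """Assumed policy: hold a device that declares both storage and HID."""
    ifaces = parse_interfaces(blob)
    classes = {cls for _, cls, _, _ in ifaces}
    findings = []
    if CLS_STORAGE in classes and CLS_HID in classes:
        for num, cls, sub, proto in ifaces:
            if cls == CLS_HID:
                # subclass 1 / protocol 1 is the HID boot-keyboard interface
                kind = "boot keyboard" if (sub, proto) == (1, 1) else "HID"
                findings.append("storage device also declares %s on interface %d" % (kind, num))
    return findings

# Constructed samples: config + mass-storage interface + two bulk endpoints ...
PLAIN_DRIVE = bytes.fromhex("090220000101008032" "090400000208065000"
                            "07058102000200" "07050202000200")
# ... and the same device with an extra HID interface, HID descriptor and endpoint.
COMPOSITE = bytes.fromhex("090239000201008032" "090400000208065000"
                          "07058102000200" "07050202000200"
                          "090401000103010100" "092111010001223f00" "0705830308000a")

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_DRIVE), ("composite", COMPOSITE)):
        print(name, parse_interfaces(blob), review(blob))
```

The host sees only what the device reports about itself, so a check like this catches an unexpected interface declaration but cannot vouch for the firmware behind it.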
 

Blackhawk

When you insert a USB device in the PC, what happens exactly? Doesn't the PC read the USB's firmware to know what is being attached? If this is infected, then shouldn't this firmware check be enough to activate the malware in the firmware? Why is a hardware write protection not so safe? If the USB is not infected and is write protected, then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them; until then, I was sure they were not infected... it was a nice feeling :)


Right, the way I see it, if you have read/write protection nothing can be written to it, so it can't be exploited. I'd like to hear why the other poster said "no not really" to this... he never explained why he thinks this isn't so.
 

Cats-4_Owners-2

No, not really, but stopping USB from autorun does help A LOT.
Hi Nico@FMA. I understand '..stopping autorun helps A LOT', and shall continue following your suggestion, but why do you think write protection would not really help? o_O
Cheers! :) :)
 

Blackhawk

A read/write protection switch WILL prevent these issues. I did the research and everything I've read says this is the case. The other poster saying "no not really" has yet to say why he made that comment. Nothing against him, but it does not appear his vague comment holds any water whatever it may be. I guess he will leave us in suspense and we will never know as he will not elaborate.
 

Solarquest

Bravo G Data! First to release a patch, and for free! Hope to see other AV vendors soon with updates and protection against BadUSB attacks... Emsi apparently would catch flashing attempts with the behavioral capability and alert the user... but this was not tested yet, since apparently no BadUSB malware is available to test Emsi against it... In my opinion, the code that was uploaded should already be detected...

Moose, Cats-4_Owners-2, thanks for the update.
 