Posted: 1/9/2014 7:46:20 AM EDT
|
I got a USB dongle in the mail promoting some law-related web site.
Fired up the "beat the shit out of me" laptop I keep around for such things, and plugged this fucker in. Expected to see Windows installing drivers, and I did. What I did not expect was to see Windows installing a "HUMAN INTERFACE DEVICE" instead of a drive. Watched in awe as the dongle installed itself as a keyboard, then started sending keyboard combinations. It minimized all my windows, it pulled up the "RUN" dialog, and it "typed into" that dialog a web address, and hit enter, pulling up this particular web address on my browser. It then typed into that web page a username and password and boom, I had access to the new "service" that the package was trying to sell. It occurs to me this is a tremendously powerful attack vector. The laptop in question has autoruns turned off, but this is a hardware trick and got around that completely. Now, sure, it was a legit software company trying to show off their latest web-enabled app, but damn... that's an interesting bit of hardware.
|
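A defender's view of what the first post describes, as an added example that is not part of the thread: a device's USB configuration descriptor states what each interface is, so a "flash drive" that declares a HID keyboard interface can be flagged at enumeration. The function names, verdict strings and sample descriptors are constructed for illustration; the class and protocol codes are the standard USB ones.

```python
# Added example, not from the thread: classify a USB device by its interfaces.
import struct

HID, MASS_STORAGE = 0x03, 0x08   # bInterfaceClass codes
BOOT_KEYBOARD = 0x01             # bInterfaceProtocol for a HID boot keyboard
DT_CONFIG, DT_INTERFACE = 0x02, 0x04


def interfaces(config: bytes):
    """Return [(class, subclass, protocol)] for every interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]   # wTotalLength
    if total > len(config):
        raise ValueError("truncated descriptor")
    found, pos = [], 0
    while pos + 2 <= total:
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError("malformed descriptor length")
        if dtype == DT_INTERFACE and length >= 9:
            found.append(tuple(config[pos + 5:pos + 8]))
        pos += length
    return found


def classify(config: bytes) -> str:
    """Verdict for a device the user expects to be a plain flash drive."""
    seen = interfaces(config)
    keyboard = any(c == HID and p == BOOT_KEYBOARD for c, _, p in seen)
    storage = any(c == MASS_STORAGE for c, _, _ in seen)
    if keyboard:
        return "keyboard+storage" if storage else "keyboard-only"
    return "storage" if storage else "other"


def build_config(*ifaces):
    """Constructed sample input: a config descriptor with bare interfaces."""
    body = b"".join(bytes([9, DT_INTERFACE, n, 0, 1, c, s, p, 0])
                    for n, (c, s, p) in enumerate(ifaces))
    head = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body),
                       len(ifaces), 1, 0, 0x80, 50)
    return head + body


DONGLE = build_config((HID, 0x01, BOOT_KEYBOARD))   # constructed: keyboard only
FLASH = build_config((MASS_STORAGE, 0x06, 0x50))    # constructed: ordinary drive
COMBO = build_config((MASS_STORAGE, 0x06, 0x50), (HID, 0x01, BOOT_KEYBOARD))

if __name__ == "__main__":
    for name, blob in (("dongle", DONGLE), ("flash", FLASH), ("combo", COMBO)):
        print(name, "->", classify(blob))
```

This only catches devices that declare the boot keyboard protocol; a HID interface with protocol 0 can still be a keyboard, and telling requires parsing its HID report descriptor.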
Quoted:
I got a USB dongle in the mail promoting some law-related web site. Fired up the "beat the shit out of me" laptop I keep around for such things, and plugged this fucker in. Expected to see Windows installing drivers, and I did. What I did not expect was to see Windows installing a "HUMAN INTERFACE DEVICE" instead of a drive. Watched in awe as the dongle installed itself as a keyboard, then started sending keyboard combinations. It minimized all my windows, it pulled up the "RUN" dialog, and it "typed into" that dialog a web address, and hit enter, pulling up this particular web address on my browser. It then typed into that web page a username and password and boom, I had access to the new "service" that the package was trying to sell. It occurs to me this is a tremendously powerful attack vector. The laptop in question has autoruns turned off, but this is a hardware trick and got around that completely. Now, sure, it was a legit software company trying to show off their latest web-enabled app, but damn... that's an interesting bit of hardware.

Smart to have a garbage PC to plug that into. Not a new attack at all. Intelligence services have been known to "litter" USB drives in target parking lots. Sounds like the attack wasn't very subtle though.
|
Quoted:
Why would anybody plug in a USB dongle of unknown origin?

Why indeed?
|
I got an unexpected USB drive mailed to me out of the blue, presumably from a tech publishing company.
Haven't had the time to find a dummy PC to stick it in. Probably legit, but you'd think a technology company would think twice before sending out USB devices -- that shit is old hat in social engineering circles.
|
You know what's a great way to spread an infection to a company?
Get a bunch of malware-infected USB sticks with the company's logo printed on them. Deliver them to the company or otherwise make them available to the employees. Who isn't going to trust a USB stick they supposedly got from their own employer?
|
Quoted:
You know what's a great way to spread an infection to a company? Get a bunch of malware-infected USB sticks with the company's logo printed on them. Deliver them to the company or otherwise make them available to the employees. Who isn't going to trust a USB stick they supposedly got from their own employer?

Hell, you don't even have to get that creative. Just buy a handful of cheap USB sticks from Walmart, put your payload on it and then scatter them throughout a parking lot. At least one idiot is going to plug it into their work computer.
|
Quoted:
Why would anybody plug in a USB dongle of unknown origin?

The CIA actually did a study on that a few years back, prior to the StuxNet thing. Something like 60% of employees would pick up one of the thumb drives intentionally left in the parking lot, and proceed to plug them into secure systems. Most often "Just to see what size it was". Enough to infect if allowed. For the average home user, I'd put that number closer to 98%, especially if they got it in the mail with their name on it. People aren't security conscious, they assume their antivirus will protect them from everything. No mystery at all how malware propagates.
|
Quoted:
Quoted:
Why would anybody plug in a USB dongle of unknown origin?
The CIA actually did a study on that a few years back, prior to the StuxNet thing. Something like 60% of employees would pick up one of the thumb drives intentionally left in the parking lot, and proceed to plug them into secure systems. Most often "Just to see what size it was". Enough to infect if allowed. For the average home user, I'd put that number closer to 98%, especially if they got it in the mail with their name on it. People aren't security conscious, they assume their antivirus will protect them from everything. No mystery at all how malware propagates.

Which is why everyone ought to have an old 10 laptop with a good image backup for service as a sand box for this shit.
|
Quoted:
Quoted:
Quoted:
Why would anybody plug in a USB dongle of unknown origin?
The CIA actually did a study on that a few years back, prior to the StuxNet thing. Something like 60% of employees would pick up one of the thumb drives intentionally left in the parking lot, and proceed to plug them into secure systems. Most often "Just to see what size it was". Enough to infect if allowed. For the average home user, I'd put that number closer to 98%, especially if they got it in the mail with their name on it. People aren't security conscious, they assume their antivirus will protect them from everything. No mystery at all how malware propagates.
Which is why everyone ought to have an old 10 laptop with a good image backup for service as a sand box for this shit.

Same as everyone should keep a fire extinguisher in their car? After 20 years in IT I've decided everyone's fucking stupid.