#1
USB Thumbdrives & Malware?
Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
#2
Davej wrote:
> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?

Something like AutoPlay?

Microsoft, when they update stuff and made changes, didn't always lean in the "consistently secure" direction. So there might still be an exposure, if moving a USB key from infected computer to clean computer. It really depends on whether malware designs continue to attempt to exploit that or not.

A good AV, should step in when there is an opportunity for something to AutoPlay. Without an AV, you're taking a risk. Without an AV, you'll have to read those KB articles, to figure out how to make sure that stuff is all turned off.

It really serves no essential purpose to have AutoPlay. The user can click on stuff when they want it. Having programs start by themselves is just stupid. Typically an installer package is set up that way, so that when media is inserted, the installer appears on the screen "like magic". Which would be fine, if malware was prevented from doing that.

Paul
#3
Davej wrote:
> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?

Also, when you download something, you have the option of uploading to Virustotal.com immediately. That site hosts around 50 different AV scanners, which can analyze a file and tell you if there is malware present. It's not foolproof, because they probably won't do a good job of labeling PUPs (Potentially Unwanted Programs) or things like Toolbars. But for those, Adwcleaner is an after-the-fact solution.

http://www.bleepingcomputer.com/download/adwcleaner/

Paul
#4
On Wednesday, January 15, 2014 1:56:23 PM UTC-6, Paul wrote:
> Davej wrote:
>> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
>
> Also, when you download something, you have the option of uploading to Virustotal.com immediately. That site hosts around 50 different AV scanners, which can analyze a file and tell you if there is malware present. It's not foolproof, because they probably won't do a good job of labeling PUPs (Potentially Unwanted Programs) or things like Toolbars. But for those, Adwcleaner is an after-the-fact solution.
>
> http://www.bleepingcomputer.com/download/adwcleaner/
>
> Paul

This is a good website to know, thanks. I am wondering if the right thing to do is to take the suspect USB drive and open it in Linux and then try to use an online scanner to scan it. Another option might be to use VM or VirtualBox.
#5
Davej wrote:
> On Wednesday, January 15, 2014 1:56:23 PM UTC-6, Paul wrote:
>> Davej wrote:
>>> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
>>
>> Also, when you download something, you have the option of uploading to Virustotal.com immediately. That site hosts around 50 different AV scanners, which can analyze a file and tell you if there is malware present. It's not foolproof, because they probably won't do a good job of labeling PUPs (Potentially Unwanted Programs) or things like Toolbars. But for those, Adwcleaner is an after-the-fact solution.
>>
>> http://www.bleepingcomputer.com/download/adwcleaner/
>>
>> Paul
>
> This is a good website to know, thanks. I am wondering if the right thing to do is to take the suspect USB drive and open it in Linux and then try to use an online scanner to scan it. Another option might be to use VM or VirtualBox.

If you want a benign environment to work in, boot a Kaspersky rescue CD and scan the USB stick there. Kaspersky runs Linux, and the malware should not have any Windows Autoplay opportunities there. That would be a way to protect your Good PC from damage while examining the USB flash drive. You could even use two flash drives, one with KAV on it, the other being the "suspect" flash drive. As long as the file systems are mountable, KAV should be able to scan it.

http://support.kaspersky.com/8092

You can, of course, also run that on the PC with the malware.

I was using that CD just yesterday :-( Got a little scare from a web browser popup, so rebooted the Kaspersky disc just to make sure there wasn't any "damage". Seems OK. Whatever was on the website, seems to have modified something in one of the browser caches, and cleaning every stinking cache, fixed it up. That browser has a total of four caches, with two being empty, one being the "regular" cache, and one being a "startup" cache. And the "startup" cache had been modified. It was some kind of JavaScript attack.

Paul
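The AutoPlay exposure raised earlier in the thread is driven by an autorun.inf file in the root of the drive, so a stick mounted under Linux can be checked for one without anything on it executing. The Python sketch below is an added example, not code from any poster; the function names, the temp directory standing in for the mount point, and the sample file contents are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a command to run

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(entries):
    """Keep only entries that launch something, including shell\\<verb>\\command."""
    return {k: v for k, v in entries.items()
            if k in LAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def read_text(path):
    """Decode as UTF-16 when a BOM is present, otherwise byte-for-byte (latin-1)."""
    data = path.read_bytes()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def triage(mount_point):
    """List launch commands in any root-level autorun.inf; nothing is executed."""
    findings = []
    for entry in sorted(Path(mount_point).iterdir()):
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            targets = launch_targets(parse_autorun(read_text(entry)))
            findings += [(entry.name, k, v) for k, v in targets.items()]
    return findings

def demo():
    """Run triage on a constructed sample in a temp directory (stand-in for the mount)."""
    sample = (b"[AutoRun]\r\n;comment\r\nopen=tools\\setup.exe /s\r\n"
              b"icon=drive.ico\r\nshell\\open\\command=tools\\setup.exe\r\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AUTORUN.INF").write_bytes(sample)
        return triage(d)
```

An empty result from triage() only means no root-level autorun.inf names a command; it says nothing about the other files on the drive, which still need scanning.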
#6
On Thursday, January 16, 2014 2:00:30 PM UTC-6, Paul wrote:
> Davej wrote:
>> On Wednesday, January 15, 2014 1:56:23 PM UTC-6, Paul wrote:
>>> Davej wrote:
>>>> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
>>>
>>> Also, when you download something, you have the option of uploading to Virustotal.com immediately. That site hosts around 50 different AV scanners, which can analyze a file and tell you if there is malware present. It's not foolproof, because they probably won't do a good job of labeling PUPs (Potentially Unwanted Programs) or things like Toolbars. But for those, Adwcleaner is an after-the-fact solution.
>>>
>>> http://www.bleepingcomputer.com/download/adwcleaner/
>>>
>>> Paul
>>
>> This is a good website to know, thanks. I am wondering if the right thing to do is to take the suspect USB drive and open it in Linux and then try to use an online scanner to scan it. Another option might be to use VM or VirtualBox.
>
> If you want a benign environment to work in, boot a Kaspersky rescue CD and scan the USB stick there. Kaspersky runs Linux, and the malware should not have any Windows Autoplay opportunities there. That would be a way to protect your Good PC from damage while examining the USB flash drive. You could even use two flash drives, one with KAV on it, the other being the "suspect" flash drive. As long as the file systems are mountable, KAV should be able to scan it.
>
> http://support.kaspersky.com/8092
>
> You can, of course, also run that on the PC with the malware.
>
> I was using that CD just yesterday :-( Got a little scare from a web browser popup, so rebooted the Kaspersky disc just to make sure there wasn't any "damage". Seems OK. Whatever was on the website, seems to have modified something in one of the browser caches, and cleaning every stinking cache, fixed it up. That browser has a total of four caches, with two being empty, one being the "regular" cache, and one being a "startup" cache. And the "startup" cache had been modified. It was some kind of JavaScript attack.
>
> Paul

Hmmm... browser cache? File folders? I'm not familiar. Or do you mean the HTML5 local storage?

I gave a Kaspersky CD a try today but at the end of the scan of the USB thumbdrive it got caught in some sort of repeating loop and kept checking the same files over and over. I can't even find those filenames on the thumbdrive. It was a whole long list of Rxxxx.htm names. Strange.
#7
Davej wrote:
> On Thursday, January 16, 2014 2:00:30 PM UTC-6, Paul wrote:
>> Davej wrote:
>>> On Wednesday, January 15, 2014 1:56:23 PM UTC-6, Paul wrote:
>>>> Davej wrote:
>>>>> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
>>>>
>>>> Also, when you download something, you have the option of uploading to Virustotal.com immediately. That site hosts around 50 different AV scanners, which can analyze a file and tell you if there is malware present. It's not foolproof, because they probably won't do a good job of labeling PUPs (Potentially Unwanted Programs) or things like Toolbars. But for those, Adwcleaner is an after-the-fact solution.
>>>>
>>>> http://www.bleepingcomputer.com/download/adwcleaner/
>>>>
>>>> Paul
>>>
>>> This is a good website to know, thanks. I am wondering if the right thing to do is to take the suspect USB drive and open it in Linux and then try to use an online scanner to scan it. Another option might be to use VM or VirtualBox.
>>
>> If you want a benign environment to work in, boot a Kaspersky rescue CD and scan the USB stick there. Kaspersky runs Linux, and the malware should not have any Windows Autoplay opportunities there. That would be a way to protect your Good PC from damage while examining the USB flash drive. You could even use two flash drives, one with KAV on it, the other being the "suspect" flash drive. As long as the file systems are mountable, KAV should be able to scan it.
>>
>> http://support.kaspersky.com/8092
>>
>> You can, of course, also run that on the PC with the malware.
>>
>> I was using that CD just yesterday :-( Got a little scare from a web browser popup, so rebooted the Kaspersky disc just to make sure there wasn't any "damage". Seems OK. Whatever was on the website, seems to have modified something in one of the browser caches, and cleaning every stinking cache, fixed it up. That browser has a total of four caches, with two being empty, one being the "regular" cache, and one being a "startup" cache. And the "startup" cache had been modified. It was some kind of JavaScript attack.
>>
>> Paul
>
> Hmmm... browser cache? File folders? I'm not familiar. Or do you mean the HTML5 local storage?
>
> I gave a Kaspersky CD a try today but at the end of the scan of the USB thumbdrive it got caught in some sort of repeating loop and kept checking the same files over and over. I can't even find those filenames on the thumbdrive. It was a whole long list of Rxxxx.htm names. Strange.

The cache in question, was in SeaMonkey.

C:\Documents and Settings\username\Local Settings\Application Data\Mozilla\SeaMonkey\Profiles\random.default

    Cache
    mozilla-media-cache
    OfflineCache
    startupCache   --- file in here

It was the last one, that seemed bigger than it should be. Throwing away the contents caused it to regenerate. The regenerated file was smaller.

*******

Kaspersky scans archives, such as ZIP, 7Z, RAR or the like. The path names shown in the display, will include the filenames coming out of the archive. It's too bad that damn display wasn't wider, so the whole pathname could be seen. They could even have used a two line display, like show the ZIP name on one line, and the currently scanned file inside the ZIP in a second line. Just so the user would know it was "stuck in an archive".

Kaspersky is protected against archive bombs (intentional efforts to feed a logically too-large archive, into the scanner). But when it deals with real archives, it can become overwhelmed. I've had the scanner spend hours and hours, with an archive with about 60,000 files zipped in it.

If you know there are archives like that on the media, really big archives, it might be better to move them somewhere for safe keeping. If you really needed to scan a large archive, but didn't want Kaspersky rescue scanner "going exponential", you could unzip your archive into a separate partition, and just let it dine on the separate files.

I've actually had Kaspersky scanner *crash* on a too-large ZIP, so I've moved those to my data disk. Now, when C: needs to be scanned, it takes a lot less time. I'm down to anywhere from ten to twenty minutes for C:. When the time goes higher than that, it's time to houseclean C: again :-)

And whatever was hiding in my startupCache, Kaspersky didn't notice. It didn't flag the file. I guess browser hijackers aren't high on their list.

Paul
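Very large archives of the kind described in post #7 can be spotted before a scan by reading the ZIP's central directory, which lists every member and its declared sizes without decompressing anything. The Python sketch below is an added example, not code from the thread; the thresholds and function names are assumptions, and the R####.htm member names are constructed sample data.

```python
import io
import zipfile

# Assumed limits for this sketch; tune them to what your scanner copes with.
MAX_ENTRIES = 10_000
MAX_UNPACKED_BYTES = 2 * 1024**3
MAX_RATIO = 100

def inventory(zip_source):
    """Summarise a ZIP from its central directory; no member is decompressed.

    The sizes are the ones the archive declares about itself.
    """
    with zipfile.ZipFile(zip_source) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    packed = sum(i.compress_size for i in infos)
    unpacked = sum(i.file_size for i in infos)
    return {"entries": len(infos), "unpacked_bytes": unpacked,
            "ratio": unpacked / packed if packed else 0.0}

def reasons_to_set_aside(summary):
    """Return why this archive should be unpacked or scanned separately."""
    reasons = []
    if summary["entries"] > MAX_ENTRIES:
        reasons.append("too many entries")
    if summary["unpacked_bytes"] > MAX_UNPACKED_BYTES:
        reasons.append("unpacked size too large")
    if summary["ratio"] > MAX_RATIO:
        reasons.append("suspicious compression ratio")
    return reasons

def build_sample(n_files, padding_bytes=0):
    """Construct an in-memory ZIP of small R####.htm members (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in range(n_files):
            zf.writestr(f"R{n:04d}.htm", "<html></html>")
        if padding_bytes:
            zf.writestr("pad.bin", b"\0" * padding_bytes)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for label, sample in (("small", build_sample(3)),
                          ("many files", build_sample(12_000)),
                          ("high ratio", build_sample(1, 5_000_000))):
        print(label, reasons_to_set_aside(inventory(sample)))
```

inventory() also accepts a path to a .zip file on the mounted drive in place of the in-memory sample.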
#8
On 1/15/2014 2:03 PM, Davej wrote:
> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?

No safer (or unsafe) than using any other method of transferring files. Network, USB stick, DVD, CD, ZIP disk, floppy or tape it's all the same. An infection is generated by executed code. The type of media plays no part.

When you run an infected program (installer or application) you are depending on your anti-virus to catch it as it's loaded into memory in preparation to execute or be read in and acted upon by a resident application.

*Always SCAN* any downloaded files (especially free stuff) before even thinking about running it. Doing some searches online to see if there are any reports of it infecting someone else isn't a bad idea either.

Select 'custom install' if offered which generally gives you the opportunity to avoid unwanted tool bars and the general cruft free stuff tries to foist upon you. For example, Google Earth (generally respected) wants to install anti-virus. Surely you have made your choice in that department? The last thing you need is two anti-virus programs running at the same time.

John
#9
On Saturday, January 18, 2014 6:43:02 PM UTC-6, John wrote:
> On 1/15/2014 2:03 PM, Davej wrote:
>> Ok, last night I ended up with a load of malware after downloading a few cpu temperature utilities. Another great waste of time. But this reminded me of a question I have been wondering about -- what methods of infection are used with USB thumbdrives? Am I safe transferring non-executable files between computers via thumbdrive?
>
> No safer (or unsafe) than using any other method of transferring files. Network, USB stick, DVD, CD, ZIP disk, floppy or tape it's all the same. An infection is generated by executed code. The type of media plays no part.

No, the problem is that I need to research how to turn off autorun and autoplay.

http://www.redmondpie.com/how-to-dis...and-windows-8/

The problem with c-net is that it now produces a loader file. You download and scan the loader file and there is nothing there. You execute the loader file and it downloads and installs a pile of crap.
#10
On Monday, January 20, 2014 12:13:27 AM UTC-6, Davej wrote:
> [...]

Looking at http://www.virustotal.com -- many downloadable copies of filezilla seem to be infected, including sourceforge.net and filezilla-project.org