Malware is a particularly virulent strain of hacking and can spread very quickly. However, when it gets help from a tech giant, it can spread even quicker.

It’s now been discovered that IBM have, quite accidentally, managed to ship USB flash drives containing malware. Now, the hacking threat of USB sticks is a readily acknowledged problem in the world of computing, but these attacks originate from anonymous, concealed hackers. IBM, obviously, haven’t gone out of their way to commit such malicious attacks, but the fact remains that it was their product which was used to help spread this infection.

It’s a highly embarrassing revelation for IBM and, once again, reinforces the fact that you need to be continuously on your guard against malware. Let’s take a look at exactly what happened and how one of the biggest names in computing found themselves duped into becoming a delivery method for malware.

How IBM Infected its Customers

Organizations are constantly facing a battle to create more storage for the increasing amounts of data involved in business, so IBM created the Storwize storage system. The installation tool shipped with the Storwize V3500, V3700 and V5000 is housed on a USB flash drive for ease of use, but it’s this flash drive which has been pre-loaded with malicious software.

Normal installation of the IBM tool usually takes place in a temporary folder on the computer’s hard drive, but the infected drives also install a malicious file to this temporary folder. This malicious file then sets about editing the user’s system registry in order to load up the malware every time the user logs on. A number of different Trojans – such as Pondre, Reconyc and Faedevour – have all been detected on the USB drives and this points towards the involvement of cybercriminals.
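The behaviour described above (a file dropped in a temporary folder, then a registry edit so it loads at every logon) leaves a trace that can be checked. The following PowerShell is an added example, not IBM's guidance or code from the original article: it lists logon autostart entries in the standard Windows Run and RunOnce keys whose command points into a temp folder. The function name `Get-TempAutostart` is hypothetical, and the page does not name the file or registry value used, so the check is generic.

```powershell
# Added example: read-only audit of logon autostart entries that launch
# something from a temporary folder. Run elevated to see every HKLM value.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Temp locations for the current user and the system, as literal regex patterns,
# plus the unexpanded %TEMP% / %TMP% variables and any user's AppData\Local\Temp.
$tempRoots = @($env:TEMP, $env:TMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } |
    Select-Object -Unique
$patterns = @($tempRoots | ForEach-Object { [regex]::Escape($_) })
$patterns += '%TE?MP%'
$patterns += '\\AppData\\Local\\Temp'
$regex = '(?i)(' + ($patterns -join '|') + ')\\'

function Get-TempAutostart {   # hypothetical name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Keep %VAR% references unexpanded so they stay visible in the report
            $cmd = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ("$cmd" -match $regex) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

Get-TempAutostart | Format-List
```

An empty result means no Run or RunOnce entry starts a program from a temp folder; any hit should be compared against software you knowingly installed before it is removed.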

Naturally, IBM is very embarrassed by the whole fiasco and has been reluctant to disclose information on how these USB drives came to be infected and just how many users are at risk. What they have advised is that the infected flash drives will have the part number ‘01AC585’ clearly labelled on them, so, at the very least, IBM customers can quickly check if they’re open to infection.

Treating the Infection

IBM’s immediate solutions to the infected USB drives are as follows:

  • Run your antivirus software to identify and remove any threats. The Trojans contained on the USB drives are well known and easily treated once caught.
  • Destroy the drive as soon as possible to completely eliminate the threat. IBM have now made the required (and non-malicious) software available on their website, so the need for the USB drive is now redundant.

Whilst this should rectify the risk of your system becoming compromised, it does little to quell the bad PR it’s caused for IBM. It also hammers home the fact that hackers are looking for more ingenious ways to deliver their malicious payloads, even having the nerve to piggyback their way onto systems through official IBM products. Obviously, the telltale signs of infections will still be there, so if you aren’t already running the following checks, you should certainly start:

For more ways to secure and optimize your business technology, contact your local IT professionals.


We’re all used to using USB devices with our PCs for easy connections, but it’s this convenience which also makes them perfect for hacking.

The hacks that grab the headlines are those that are distributed online and through email due to the huge numbers of people these can attack; USB sticks – and, in fact, any USB devices – are limited in their range due to their physical existence, but this doesn’t mean they can’t cause huge problems in localised areas. And hacks involving USB devices can completely disable your PC, so this can have a huge impact on the ability of your business to operate.

Therefore, we’ve decided it’s a good opportunity to give you a quick lesson on the USB hacks that can affect you and how you can counter this everyday threat.

The World of USB Device Hacks

Due to the presence of autorun software loaded on to USB sticks, all a hacker needs to do is ensure that their infected USB stick is plugged into a PC to activate its malicious payload. Sometimes, though, USB devices don’t even need to be plugged into the PC, so this is why they’re particularly tricky to identify and combat. Here are some of the most common hacks contained within USB devices:

  • USBdriveby – This USB stick is easily identified by the chain attached to it (apparently this is so the user can wear it round their neck!) and contains a particularly nasty surprise inside. Once plugged into a PC, it begins to imitate your keyboard and uses keystrokes to disable firewalls, opens backdoors to allow remote control and tells network monitoring apps that everything is okay.
  • KeySweeper – Disguised as a USB wall charger, the KeySweeper hack is a very well concealed device which uses wireless connections to identify and spy on local Microsoft wireless keyboards. And, by monitoring keystrokes, KeySweeper can quickly obtain login details and transmit these back to a remote location.
  • BadUSB – Another USB stick hack, BadUSB impersonates your keyboard to allow itself to reprogram firmware associated with your existing USB devices e.g. network cards can be reprogrammed to send users to sites containing malicious software which can soon infect your entire network.

All of these hacks are very simple, but can cause a lot of damage, so how do you combat them?

Combatting USB Hacks

Thankfully, when it comes to USB hacks, there are some very simple steps you can take to combat them:

  • Educate your users on the dangers of USB devices. Some hackers have been known to drop infected USB sticks in the car parks of large corporations in the hope that a curious employee will plug them into their work PC.
  • Never ever use pre-owned USB devices in your business; always purchase new devices which can’t have been tampered with.
  • Lock USB port use on the PCs that make up your business and only allow access to trusted administrators. This is perhaps the most guaranteed way to prevent any infected USB devices activating their contents as the USB ports will essentially be disabled and unable to do anything.

For more ways to secure and optimize your business technology, contact your local IT professionals.


Learn how USB thumb drives can potentially destroy laptops and PCs. We’ll explain how this works and what measures can be taken to protect your computers.

If you happen to find an unknown flash drive in any place that you aren’t familiar with, we strongly advise you not to plug it into a computer, especially one that is used for work. It makes sense when there’s a high element of risk involved. Not only does the possibility of being infected by a virus exist, but as of late, a new type of attack has been created which can physically damage your systems. We have recently learned of dangerous USB thumb drives that are capable of frying a computer or laptop.

How does it work?

Think of a computer’s ports as physical access points for an attack.

  • An attacker would modify or build a USB thumb drive by using an inverting DC-DC converter to draw power off the USB port.
  • The power drawn from the USB port is then used to create a -110VDC charge on a capacitor bank.
  • Once the caps have charged up, this triggers the converter to shut down.
  • This forces a transistor to propel the voltage from the capacitor over to the port’s data pins.
  • This pattern repeats every time the caps recharge, discharging its high voltage through the port.
  • As long as there’s a bus voltage and high current present, the attack will run its course and overrun the small TVS diodes present on the bus lines of the computer or laptop.
  • Inevitably this will cause the computer’s components, possibly including the CPU, to fry.
  • With fried components, a laptop or computer will be “dead”.

In typical circumstances a USB thumb drive is designed to be protected, and a computer is normally able to dissipate manageable amounts of power, which wouldn’t cause this type of damage.

An example of an attack

A thief had stolen a USB flash drive off a commuter on the subway. When the thief inserted the flash drive into his computer’s USB port, the least he expected was to see some data. Instead, his computer died as its internal components had been fried. Although one may think that it was good for the thief to get his just deserts, it points to a more serious problem: trusting unknown peripherals such as flash drives.

Precautionary measures

Now that we have a good overview of how a USB thumb drive can be engineered to take out a computer, let’s discuss how to prevent such an occurrence.

  • Don’t allow strangers to connect a USB thumb drive to a mission-critical computer or laptop.
  • Don’t plug in USB thumb drives found in public.
  • Do only use thumb drives purchased from reliable retailers or officially provided by an IT administrator.
  • Avoid sharing thumb drives, especially if they leave the premises and return to be used on computers.
  • Aim for individuals to carry their own thumb drives which can safely be used within an office environment.
  • Always question any thumb drives which may be presented to your business by an unknown third party. Even if it lands at your office’s reception desk, have an IT admin check it out first.
  • Have a thumb and flash drive policy in place to cover all of the above as part of your IT security policy.

For more ways to safeguard your computers and IT infrastructure, contact your local IT professionals.


Virus Spreading over USB Thumb Drives

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB thumb drive to a device for it to infect the computer. The machine is then infected using the Windows AutoRun feature, which is triggered when a storage device is plugged in. Not only is the data transferred, but the device receiving the data becomes infected with malware (a virus or other malicious software), causing damage or data loss.

The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB thumb drives that have been connected to an infected device or PC are harbouring a virus. For instance, a new virus threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

  • Worm – a program that replicates itself by exploiting a vulnerability on a network.
  • Trojan horse – appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
  • Rootkit – makes itself difficult to detect by hiding itself within the system files of the infected operating system.
  • Spyware – designed to covertly spy on a user and report information back to the originator.
  • Spam – common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to exploited websites.

How to Protect Yourself and Your Business

The most effective means of transferring viruses for hackers is through public databases. Firstly, it is extremely important for anyone to restrict the use of USB thumb drives on computers based at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected, so plan to use business or personal systems rather than public computers, as public computers are more vulnerable to USB thumb drive viruses. Secondly, it’s best to run a firewall and update to the latest virus definitions on any personal or business computers.

We suggest disabling the Auto Run functionality of the drive and avoid downloading “free online software” to better protect any USB thumb drive from adopting those menacing viruses.
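Disabling AutoRun, as suggested above, and locking USB storage so it cannot be used on business PCs (recommended earlier on this page) both come down to machine-wide registry settings that can be audited and enforced from PowerShell. This is an added example, not code from the original posts; the function name `Test-UsbBaseline` is hypothetical, while `NoDriveTypeAutoRun` and the `USBSTOR` service `Start` value are standard Windows settings.

```powershell
# Added example: audit, and with -Apply enforce, two machine-wide settings.
# Writing under HKLM requires an elevated (administrator) prompt.
$settings = @(
    @{  # Disable AutoRun on every drive type (0xFF = all drive-type bits set)
        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
        Name = 'NoDriveTypeAutoRun'; Want = 0xFF },
    @{  # Stop the USB mass-storage driver from loading (4 = disabled)
        Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
        Name = 'Start'; Want = 4 }
)

function Test-UsbBaseline {   # hypothetical name
    param([switch]$Apply)
    foreach ($s in $settings) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name `
                        -ErrorAction SilentlyContinue).($s.Name)
        if ($Apply -and $current -ne $s.Want) {
            # Create the policy key if it does not exist yet, then write the DWORD
            if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want -Type DWord
            $current = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
        }
        [pscustomobject]@{
            Setting   = $s.Name
            Current   = if ($null -eq $current) { '(not set)' } else { '0x{0:X}' -f $current }
            Wanted    = '0x{0:X}' -f $s.Want
            Compliant = ($current -eq $s.Want)
        }
    }
}

Test-UsbBaseline            # audit only: report the current state
# Test-UsbBaseline -Apply   # enforce both settings, then report
```

Disabling `USBSTOR` blocks USB mass-storage devices only; it does not stop a device that imitates a keyboard, such as the BadUSB and USBdriveby examples described earlier, so those still call for the user-education and trusted-device measures listed on this page.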

For more ways to secure your business data and systems, contact your local IT professionals.
