New USB Devices Infected

mikey · January 12, 2008, 08:40:26 PM

It seems that folks are being infected when plugging in new devices. Be carefull with that Xmas gift, it may corrupt your sys.

Ref; http://isc.sans.org/diary.html?storyid=3787

Ref; http://isc.sans.org/diary.html?storyid=3807

Ref; http://isc.sans.org/diary.html?storyid=3817

Ref; http://www.securityfocus.com/news/11499

Corrine · January 14, 2008, 02:37:11 AM

Here's another example: http://www.viruslist.com/en/weblog?weblogid=208187475

mikey · January 14, 2008, 03:44:41 AM

My comment from another thread on the same subject;

Some have suggested turning off the 'autorun/autoplay' feature in Windows, which really is a good idea regardless of this prob. However, like your sandbox querry, I don't believe that to be satisfactory security and here is an exerpt from a MS TechNet article that explains exactly why;

QuoteMany USB controllers are actually Direct Memory Access (DMA) devices. This means they can bypass the operating system and directly read and write memory on the computer. Bypass the OS and you bypass the security controls it provides—now you have complete and unfettered access to the hardware. This renders device control implemented by the OS completely ineffective.

Ref; http://www.microsoft.com/technet/technetmag/issues/2008/01/SecurityWatch/default.aspx

New USB Devices Infected

mikey

Corrine

mikey