There is no such thing as a free lunch.
An ISC reader wrote in alerting us to unconfirmed reports that organizations and some government agencies are receiving "unexpected" shipments of USB thumb drives. We don't know whether it's true, but with the holidays upon us it bears reminding that USB devices received in suspicious ways are often loaded with hostile software. Sometimes even commercial off-the-shelf USB devices like photo frames and the like can be infected (see the Digital Hijackers ISC diary from last Christmas).
It remains a favorite trick of pentesters to scatter USB keys loaded with malware around as a low-tech attack vector against an organization. Trade shows and the like are an even better venue (and you can target by industry or organization). A colleague told me that his favorite trick was to label a USB thumb drive "Joe's Bachelor Party Pictures" for that extra "incentive" to get people to plug the device in.
If you're an organization and receive USB keys, even promotional swag, do a low-level format first. If you buy a USB storage device from the store, wipe it first (especially the annoying U3 devices). Sometimes vendors ship USB keys carrying firmware updates, and those can be infected too (see this example involving HP firmware; there was also a report about Checkpoint Firewall firmware). Those devices can't be low-level formatted, but a quick "media check" for hidden goodness may be warranted.
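As an added example (not part of the diary), here is a small POSIX shell triage helper for the advice above: scan a stick that has been mounted read-only for autorun.inf, hidden files and Windows executables before anyone trusts it, and zero the whole device only when the kernel flags it as removable and nothing on it is mounted. The function names are my own and Linux paths (/sys/block, /proc/mounts) are assumed.

```shell
#!/bin/sh
# Added example, not code from the ISC diary. Assumes Linux.

# List suspicious entries under a mount point: autorun.inf (the
# self-launch mechanism of USB malware of the era), dot-files and
# Windows executables/scripts such as "IMG_002.jpg.exe".
scan_usb_mount() {
    mnt="$1"
    find "$mnt" -type f \( -iname 'autorun.inf' -o -name '.*' \
        -o -iname '*.exe' -o -iname '*.scr' -o -iname '*.vbs' \
        -o -iname '*.lnk' \) -print 2>/dev/null
}

# Number of suspicious entries, for use in a quick go/no-go decision.
suspicious_count() {
    scan_usb_mount "$1" | wc -l | tr -d ' '
}

# The "wipe it first" step: zero the whole block device. Two guards keep
# a typo from hitting a fixed disk: the kernel must flag the device as
# removable and none of its partitions may be mounted. Expects a whole
# device such as /dev/sdb (constructed name, adjust for your system).
# Note: a U3 stick's emulated CD-ROM partition shows up as a separate
# device and is not touched by this.
wipe_removable_device() {
    dev="$1"
    name=$(basename "$dev")
    if [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" != "1" ]; then
        echo "refusing: $dev is not flagged removable by the kernel" >&2
        return 1
    fi
    if grep -q "^$dev" /proc/mounts; then
        echo "refusing: $dev has mounted partitions, unmount first" >&2
        return 1
    fi
    dd if=/dev/zero of="$dev" bs=4M status=progress
}

# Typical use (mount read-only first so nothing on the stick can run):
#   mount -o ro,noexec /dev/sdb1 /mnt/usb && scan_usb_mount /mnt/usb
#   umount /mnt/usb && wipe_removable_device /dev/sdb
```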
There's no such thing as a free lunch, but there is such a thing as free malware. Caveat Emptor.
If you've had such shipments of unknown USB devices, let us know so we can correlate data.
--
John Bambenek
bambenek at gmail /dot/ com
iPhone Botnet Analysis
SRI's Malware Threat Center has published an excellent analysis of the iPhone botnet that we covered in a diary a few weeks ago. Here is the abstract:
We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on 25 November 2009. The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.
Thanks to Phil Porras and the MTC team for all of their great work!
Marcus H. Sachs
Director, SANS Internet Storm Center