careful of those cheap made in china devices | GTAMotorcycle.com

careful of those cheap made in china devices

CruisnGrrl

http://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/


I have a story I wanted to share about a data security breach at a large corporation. One particular executive had a malware infection on his computer from which the source could not be determined. The executive’s system was patched up to date, had antivirus and up to date anti-malware protection. Web logs were scoured and all attempts made to identify the source of the infection but to no avail. Finally, after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently?” The executive answered, “Well yes, I quit smoking two weeks ago and switched to e-cigarettes.” And that was the answer they were looking for: the made-in-China e-cigarette had malware hard coded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system. Moral of the story is have you ever questioned the legitimacy of the $5 dollar eBay made-in-China USB item that you just plugged into your computer? Because you should, you damn well should. Sincerely, An IT guy





I suspect it's not just in e-cigs
 
I once plugged my device into a cheap Chinese device, had to take a week of antibiotics to clear it up
 
Ummm... is it even possible to find a USB device that is not made in China anymore?
 
It's much worse than that, ever since people realized they could reprogram the firmware on the controllers of many USB devices: http://arstechnica.com/security/201...uters-badusb-exploit-makes-devices-turn-evil/

Of course, it still requires a working exploit of the operating system it's plugging into. The one upshot of this is that you won't see many zero-day exploits delivered this way. Keep your computer patched and up-to-date!
 
It's much worse than that, ever since people realized they could reprogram the firmware on the controllers of many USB devices: http://arstechnica.com/security/201...uters-badusb-exploit-makes-devices-turn-evil/

Of course, it still requires a working exploit of the operating system it's plugging into. The one upshot of this is that you won't see many zero-day exploits delivered this way. Keep your computer patched and up-to-date!

So I wonder, was the executive's computer outdated?
 
Can someone enlighten me on why a "hacker" would spend countless hours to come up with a virus? Most people I assume do not leave credit card info stored on their computer? I can understand installing a keylogger.. but why would you spend countless hours coming up with this stuff?
 
Can someone enlighten me on why a "hacker" would spend countless hours to come up with a virus? Most people I assume do not leave credit card info stored on their computer? I can understand installing a keylogger.. but why would you spend countless hours coming up with this stuff?

My boss's husband has a (plain text, non-encrypted, non-protected) file on his computer with every login name and password he uses in it. D'oh.
 
My boss's husband has a (plain text, non-encrypted, non-protected) file on his computer with every login name and password he uses in it. D'oh.

I guess it might be of public service to teach him about the existence of KeePass :D
 
Can someone enlighten me on why a "hacker" would spend countless hours to come up with a virus? Most people I assume do not leave credit card info stored on their computer? I can understand installing a keylogger.. but why would you spend countless hours coming up with this stuff?

For some it's to prove that they can. Besides banking and credit card info, there is plenty of other information on the computer that could be of use, such as trade secrets (remember the initial post is about someone who plugged their e-cig into the work computer). Sadly, this sort of thing is just going to make tech support's (particularly that of virus scanners) job harder. It's bad enough that places like CNET and other software distributors wrap malicious adware in with the downloads; my sister ended up with 4 that kept changing the homepage to an ad-related one and required software and a re-install of the browser to remove, and manually removing didn't get all the hooks out. Now you can't even trust what appear to be benign devices. If I was in charge of IT for a large company, the first thing I would do is disconnect and disable all the USB ports on most of the computers.
 
Can someone enlighten me on why a "hacker" would spend countless hours to come up with a virus? Most people I assume do not leave credit card info stored on their computer? I can understand installing a keylogger.. but why would you spend countless hours coming up with this stuff?

There is financial incentive, and low risk. There are people paying for custom-designed viruses, exploits, zero day vulnerabilities.

So you have people investing time and effort into it, then they sell their "product".

Other people buy the malware to execute attacks and steal data. All data has some value, even non-financial data, and there are people buying and selling everything online.
 
For some it's to prove that they can. Besides banking and credit card info, there is plenty of other information on the computer that could be of use, such as trade secrets (remember the initial post is about someone who plugged their e-cig into the work computer). Sadly, this sort of thing is just going to make tech support's (particularly that of virus scanners) job harder. It's bad enough that places like CNET and other software distributors wrap malicious adware in with the downloads; my sister ended up with 4 that kept changing the homepage to an ad-related one and required software and a re-install of the browser to remove, and manually removing didn't get all the hooks out. Now you can't even trust what appear to be benign devices. If I was in charge of IT for a large company, the first thing I would do is disconnect and disable all the USB ports on most of the computers.

Any organization worth their salt tries to limit User 'oopsies' as much as possible. Limiting USB, group policy accounts, browser settings, filters, etc. You can only do so much.

Now most companies are looking at (cost effective) solutions to eliminate infections on THEIR hardware, so they have everyone sign in via web portals (full encryption, VPN tunnels); that way, if something is infected, it's on the end-user, not the corp.

TL;DR - Keep your stuff wrapped before sticking it in places.
 
Any organization worth their salt tries to limit User 'oopsies' as much as possible. Limiting USB, group policy accounts, browser settings, filters, etc. You can only do so much.

Now most companies are looking at (cost effective) solutions to eliminate infections on THEIR hardware, so they have everyone sign in via web portals (full encryption, VPN tunnels); that way, if something is infected, it's on the end-user, not the corp.

TL;DR - Keep your stuff wrapped before sticking it in places.


Even limiting access to the USB doesn't stop this virus, as it's happening in the firmware; gotta disable it physically, and it appears to affect multiple OSes too.
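
A defensive check related to the USB discussion above, added here as an example and not part of any post in this thread: on Linux, every USB interface reports its class in sysfs (`bInterfaceClass`), so a script can list devices that expose host-facing classes, and a "charger" that enumerates as a keyboard stands out. The sample tree, its device names and the allow list are constructed for illustration.

```python
import os
import tempfile

# USB-IF base class codes (bInterfaceClass) that let a device act on the host.
RISKY = {"02": "communications", "03": "HID (keyboard/mouse)",
         "08": "mass storage", "0a": "CDC data", "e0": "wireless controller"}

def read_devices(root="/sys/bus/usb/devices"):
    """Map each device to its product string and set of interface classes."""
    devices = {}
    for entry in sorted(os.listdir(root)):
        if ":" not in entry:              # interface dirs look like "1-2:1.0"
            continue
        cls_file = os.path.join(root, entry, "bInterfaceClass")
        if not os.path.isfile(cls_file):
            continue
        dev = entry.split(":")[0]
        info = devices.setdefault(dev, {"product": "", "classes": set()})
        with open(cls_file) as fh:
            info["classes"].add(fh.read().strip().lower())
        name_file = os.path.join(root, dev, "product")
        if os.path.isfile(name_file):
            with open(name_file) as fh:
                info["product"] = fh.read().strip()
    return devices

def audit(devices, allowed=()):
    """Return (device, product, class description) for classes outside the allow list."""
    flagged = set(RISKY) - set(allowed)
    return [(dev, info["product"], RISKY[cls])
            for dev, info in sorted(devices.items())
            for cls in sorted(info["classes"] & flagged)]

def build_sample(root):
    """Constructed sysfs-like tree: a flash drive and a 'charger' that enumerates as HID."""
    sample = {"1-1": ("Flash Drive", {"1-1:1.0": "08"}),
              "1-2": ("USB Charger", {"1-2:1.0": "03"})}
    for dev, (product, interfaces) in sample.items():
        os.makedirs(os.path.join(root, dev))
        with open(os.path.join(root, dev, "product"), "w") as fh:
            fh.write(product + "\n")
        for iface, cls in interfaces.items():
            os.makedirs(os.path.join(root, iface))
            with open(os.path.join(root, iface, "bInterfaceClass"), "w") as fh:
                fh.write(cls + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit(read_devices(tmp), allowed={"08"}):
            print(finding)
```

Calling `read_devices()` with no argument reads the live `/sys/bus/usb/devices` tree on a Linux host; the allow list should reflect which classes the machine's role actually needs.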
 
Can someone enlighten me on why a "hacker" would spend countless hours to come up with a virus? Most people I assume do not leave credit card info stored on their computer? I can understand installing a keylogger.. but why would you spend countless hours coming up with this stuff?

Because they get paid for it. You develop an exploit like this then you sell it to a ton of people, usually as part of a package. You're either working for the Russian mafia or some government arm. The developers are rarely the ones using it themselves these days.
 
