Saturday, March 26, 2016
ESET Discovers New Self-protecting USB Trojan


Security researchers have spotted a new data-stealing trojan that "attacks" USB devices. It leaves no evidence on the compromised system and, most importantly, it uses a special mechanism to protect itself from being reproduced or copied.

Where other malware relies on 'good old-fashioned approaches' such as Autorun files or crafted shortcuts to get users to run it, USB Thief, as ESET researchers have named it, uses a different technique. It depends on the common practice of storing portable versions of popular applications such as Firefox, Notepad++ and TrueCrypt on USB drives.

The malware inserts itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL). As a result, whenever such an application is executed, the malware also runs in the background.

The malware consists of six files. Four of them are executables and the other two contain configuration data. To protect itself from copying or reverse engineering, the malware uses two techniques. Firstly, some of the individual files are AES-128-encrypted; secondly, their filenames are generated from cryptographic elements.

The AES encryption key is computed from the unique USB device ID, and certain disk properties of the USB drive hosting the malware. Hence, the malware can only run successfully from that particular USB device.

The name of the next file in the malware's execution chain is derived from the actual content of the file and its creation time. Because of this, filenames differ for every instance of this malware.
Moreover, copying the malware to a different location changes the file creation time, so the malicious actions associated with the previous location cannot be reproduced.
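Two of the traits described above, a loadable module dropped beside a portable application and filenames that look like hash output rather than human-chosen names, can be turned into a simple triage check over a removable drive's file listing. The following Python script is an added example, not ESET's tooling or code from the report; the portable-application watch list, the hex-length and entropy thresholds, and the sample listing are all assumptions constructed here.

```python
import math
import re
from pathlib import PureWindowsPath
# Assumed watch list of portable applications commonly carried on USB drives.
PORTABLE_APPS = {"firefox.exe", "notepad++.exe", "truecrypt.exe"}
LOADABLE_EXT = {".dll"}  # module types loaded from the app's own or plugins directory
# A stem of 16+ hex digits is more likely a hash than a human-chosen name (assumed).
HEX_NAME = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def looks_generated(name: str) -> bool:
    """True if the file stem resembles cryptographic output rather than a name."""
    stem = PureWindowsPath(name).stem
    return bool(HEX_NAME.match(stem)) or (len(stem) >= 12 and shannon_entropy(stem) >= 3.5)

def scan_listing(paths):
    """Return [(path, [reasons])] for suspicious entries in one drive's listing."""
    paths = [PureWindowsPath(p) for p in paths]
    app_dirs = {p.parent for p in paths if p.name.lower() in PORTABLE_APPS}
    findings = []
    for p in paths:
        reasons = []
        beside_app = p.parent in app_dirs or p.parent.parent in app_dirs
        if p.suffix.lower() in LOADABLE_EXT and beside_app:
            reasons.append("loadable module beside portable app")
        if looks_generated(p.name):
            reasons.append("hash-like filename")
        if reasons:
            findings.append((str(p), reasons))
    return findings

# Constructed sample listing; the paths and names are not from the ESET report.
SAMPLE = [
    r"E:\Apps\Firefox\firefox.exe",
    r"E:\Apps\Firefox\xul.dll",
    r"E:\Apps\Firefox\plugins\9f1c3b7a2e4d6058a1b2c3d4e5f60718.dll",
    r"E:\Apps\Notepad++\notepad++.exe",
    r"E:\Apps\Notepad++\plugins\mimeTools.dll",
    r"E:\Apps\TrueCrypt\TrueCrypt.exe",
    r"E:\Apps\TrueCrypt\Xk3pQz9LmN2vB8wR.dll",
    r"E:\Docs\report.docx",
]

if __name__ == "__main__":
    for path, reasons in scan_listing(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

Legitimate modules shipped with the application (xul.dll in the sample) trigger the first signal alone, so a real deployment would allowlist the vendor's own files and treat entries carrying both reasons as the ones to pull for analysis.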

The "data-stealing" functionality of the malware uses an executable injected into a newly created "%windir%\system32\svchost.exe -k netsvcs" process.

According to ESET's analysis, it was configured to steal all data files such as images or documents, the whole Windows registry tree (HKCU), file lists from all of the drives, and information gathered using an imported open-source application called "WinAudit". It encrypts the stolen data using elliptic curve cryptography.

Once the USB drive is removed, nothing on the system reveals that data was stolen.