
Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of "malware purveyors" reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming "the new phishing email," but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.
Reader Comments
strider_mt2k @ Apr 26th 2007 10:23AM
What we need is a nice little pocket USB flash drive wiper and then the problem is solved.
Eventually it wouldn't be worth the hardware you're leaving around.
dgblackout @ Apr 26th 2007 10:26AM
or, you could use a mac and get some free storage
Pyrofer @ Apr 26th 2007 11:05AM
Or you could not have autorun enabled and not worry about it at all?
Come on, who is stupid enough to have autorun still enabled?
YenTheFirst @ Apr 26th 2007 11:25AM
because disabling autorun involves editing the registry. most home users don't know:
a) what autorun is
b) they can disable autorun
c) how to disable autorun.
on top of that, when autorun is disabled, windows won't show the name of the CD in the drive, unless you booted with it in there. most home users don't like that.
John @ Apr 26th 2007 11:04AM
This social engineering vector was postulated almost 3 years ago in 2600. What I want to know is, what took so long?
Pinkerton @ Apr 26th 2007 11:56AM
Log in as an administrator
Start -> Run -> type "gpedit.msc"
Click "Administrative Templates" -> "System"
Find "Turn off Autoplay"
Disable for all drives
Now your Windows is 100% secure ;)
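An added example, not part of any comment in this thread: a check that the policy discussed above actually took effect, by decoding the `NoDriveTypeAutoRun` value that the "Turn off Autoplay" setting writes under the Explorer policies key. The function names and the sample value 0x91 are constructed for illustration; the registry read runs only on Windows.

```python
# Added example: audit the AutoRun policy mask discussed in the thread.
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
# A set bit means AutoRun is disabled for that drive type; 0xFF disables all.
DRIVE_BITS = {0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}

def decode_mask(mask):
    """Return (disabled, still_enabled) drive-type names for a policy mask."""
    disabled = [name for bit, name in DRIVE_BITS.items() if mask & bit]
    enabled = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
    return disabled, enabled

def audit(hklm, hkcu):
    """Evaluate the effective policy; a machine-wide (HKLM) value overrides HKCU."""
    mask = hklm if hklm is not None else hkcu
    if mask is None:  # no policy set: the OS default applies, nothing is enforced
        return {"configured": False, "removable_blocked": False,
                "all_off": False, "enabled": None}
    mask &= 0xFF
    disabled, enabled = decode_mask(mask)
    return {"configured": True, "removable_blocked": "removable" in disabled,
            "all_off": mask == 0xFF, "enabled": enabled}

def read_policy():
    """Read the value from both hives (Windows only); None where it is absent."""
    import winreg
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                raw = winreg.QueryValueEx(key, VALUE_NAME)[0]
            # The value may be stored as REG_BINARY; normalise it to an int.
            found.append(int.from_bytes(raw, "little") if isinstance(raw, bytes) else raw)
        except OSError:
            found.append(None)
    return tuple(found)

if __name__ == "__main__":
    # Off Windows, fall back to a constructed sample: no HKLM value, HKCU = 0x91.
    hklm, hkcu = read_policy() if sys.platform == "win32" else (None, 0x91)
    print(audit(hklm, hkcu))
```

A result with `removable_blocked` false means a USB stick can still trigger AutoRun handling under the current policy, whatever the per-user setting appears to say.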
supermeerkat @ Apr 26th 2007 11:16AM
I'm surprised the Mac zealots haven't had something to say about this.
Nick @ Apr 26th 2007 11:42AM
Allow me...
HAH!
supermeerkat @ Apr 26th 2007 12:33PM
Thank you for that - it's reaffirmed my belief in humanity!
cDizzle @ Apr 26th 2007 11:27AM
This exploit was originally used as a proof of concept roughly a year ago by some security firm. They littered an office parking lot with USB flash drives that would compromise the security of the office network, record keystrokes, etc. The theory is that some (if not most) of the employees who find these flash drives would simply plug them into their work machines out of curiosity. It worked, as enough employees loaded the malware on their machines. Didn't Engadget have a post on this? Anyways, it's funny how these security experts will publish an exploit where the main entry point is human stupidity, and how no one solves the problem leaving more and more people vulnerable to stupid PC tricks that were obviously gleaned off the web from a post about a security firm.
...Paul @ Apr 26th 2007 12:59PM
Right you are, here's an article about it:
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1
Alex Jones @ Apr 26th 2007 11:27AM
I don't know anything about Windows' "AutoRun" settings for USB Mass Storage, but you can't claim that this isn't "free storage". No, you don't need a pocket flash wiper, you just need an OS that doesn't start arbitrary executables without confirmation as soon as you plug a drive.
Kevlar @ Apr 26th 2007 11:43AM
Macs are not invulnerable. Get over it. I use a Mac, but I don't go around preaching the 'Way of OS X' like it was some freaking religion. If someone wanted to, they could take down your Mac, and probably do it faster than a windows machine. But a keydrive dropped in a parking lot will probably have a trojan for Windows on it, because that is where the numbers are.
steve-o @ Apr 26th 2007 11:51AM
I agree that Macs are not invulnerable, but don't exaggerate by saying you can take down a Mac faster than a Windows machine- that's just crazy talk.
lgg @ Apr 26th 2007 12:23PM
It doesn't need to be on autorun. Humans are naturally curious, when we find a usb key, we will have a quick look around the files that are on it. If the thieves make a .exe that crashes, and give it a word document icon, then 99% of the public will run it.
Doesn't strike me as being the most efficient way of malware distribution mind, even if you can buy a cheap job lot of 16mb sticks from some wholesaler in china...
phoomp @ Apr 26th 2007 11:51AM
I wish some hackers would do that in *my* city ... I could use some free USB drives ...
Ignacio @ Apr 26th 2007 11:51AM
Which for some reason you expect me to double-click? There is no autorun on OS X.
thechihuahua @ Apr 26th 2007 11:55AM
I have a bottle opener that looks just like that on my key ring, I know you people don't care, I just thought I'd share that.
Ignacio @ Apr 26th 2007 11:52AM
Previous comment directed @Moff btw (threading seems broken :/ )
steve-o @ Apr 26th 2007 11:55AM
Moff, I'd be interested in seeing how you would write such a Trojan. I'm not saying it's impossible, but I'd be willing to see how far it goes on my Mac Pro. I'd give you props if it actually worked.
steve-o @ Apr 26th 2007 11:58AM
You've suggested turning off Autorun-
cancel or allow?
thechihuahua @ Apr 26th 2007 11:59AM
allow
boomhauer @ Apr 26th 2007 12:07PM
but vista fixed this right? right???
supermeerkat @ Apr 26th 2007 3:17PM
Idiots that play with items of PC hardware they find lying in the street deserve everything they get, if you ask me.
David Beauchamp @ Apr 26th 2007 12:46PM
There is this neat little utility that has been around since the Win9x days, called TweakUI. Makes disabling autorun for drives or for types of media (CD-DVD/Removable) as simple as changing a checkbox. Doesn't involve manually modifying the registry, is produced by Microsoft, and is free. It is part of a group called "Power Toys":
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
TIMMAH! @ Apr 26th 2007 2:02PM
"This social engineering vector was postulated almost 3 years ago in 2600. What I want to know is, what took so long?"
Waiting on the clearance sale for 16MB flash drives?
Dominic Pettifer @ Apr 27th 2007 8:44AM
Neither Windows XP nor Vista will autorun any .exe files (or any files) on the USB drive when you plug it in. Instead if the USB drive has an autorun.inf file on the drive, windows will pop up some dialog asking the user what they want to do (look at pictures, browse files, run program etc.) and I think there is a further warning if you click to run the program.
So this only works through user intervention, and surely most users are savvy enough these days to not run any program they don't know about?
Ken @ Apr 29th 2007 3:39AM
I am more than a little skeptical as they "can't provide more information" since the case is pending. This was announced by a company with a vested interest in making people paranoid about this. That is not to say there isn't a threat, but I would suspend judgment until we know more about the case...particularly from a more neutral party. There are a whole lot of these tools on various websites such as hak5.org and usbhacks.com