Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Could A Thumb Drive Stop Stuxnet?

Kingston launches USB thumb drives with built-in ESET antivirus software to eliminate viruses, Trojan applications, rootkits, and worms.

Is the data stored on your USB thumb drive safe from any malware on a PC it gets plugged into?

USB thumb drive manufacturer Kingston Technology this week announced that two of its drives from the Traveler line -- DataTraveler Vault Privacy and DataTraveler 4000 -- now come with an optional ClevX DriveSecurity feature, which requires 300 MB of the drive's space and includes built-in ESET antivirus software for nuking any viruses, worms, Trojan applications, rootkits, or adware that might attempt to infect the drive.

"When the drive owner authenticates to the flash drive, DriveSecurity launches immediately. It updates its virus signature and scans any changes (all new files, applications, etc.) to the flash drive," said ESET. "Upon user request, it checks the entire flash drive to ensure that it is free of malicious code." ESET also said its anti-malware software contains heuristic malware detection to help identity unknown threats. But the company said that the drive's antivirus software won't scan the PC that it gets plugged into.

Is antivirus software on USB thumb drives redundant? Or might it instead have helped prevent the outbreak of such malware as Stuxnet? Indeed, a USB key carrying Stuxnet appears to have been responsible for at least some of the resulting infections, which targeted an Iranian nuclear facility at Natanz. The caveat with Stuxnet, of course, is that the malware seems to have been introduced on purpose, likely by a U.S. agent, meaning it was meant to infect the USB drive and in turn systems at the facility.

[ Hacking group boasts of government, trade group exploits. Read more at Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches. ]

On the other hand, common malware that attempts to infect USB drives remains alive and well, in part because eradicating it is difficult given all of the different ways in which it can spread. For example, ESET last week reported that the second most prevalent virus is an auto-run worm known as Pronny, which spreads in part by infecting removable media. Once the worm infects a system, it then hides versions of itself elsewhere, including on network shares, and attempts to infect everything it can touch, including thumb drives.

USB drives can get infected in numerous ways, such as through supply chain insecurities during production. For example, IBM accidentally distributed thumb drives at an Australian security conference that were infected malware.

Other infection vectors involve employees using virus-infected kiosks or third-party PCs at airports or Internet cafes, giving the USB key to a friend whose PC happens to have a virus, or using the USB key on a corporate network where a virus is residing.

"In practice one sees both unintentional and intentional infection. Stuxnet is an example of the latter, where someone loaded malicious code onto the drive with the intent of getting that code onto a target system," said ESET security evangelist Stephen Cobb in a blog post. "Unintentional infection can occur when you place your USB flash drive into an inadequately protected system. Sure, you may detect the infection later, when you eventually place your drive into your own computer, but you could do a lot of damage before then."

As an example, Cobb references a case detailed earlier this year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which in 2010 investigated an outbreak of malware tied to the Mariposa botnet. While the affected organization wasn't named, the industry was noted as being "the nuclear sector."

The investigators traced the infection back to a conference presentation, noting in an advisory that "an employee attended an industry event and used an instructor's universal serial bus (USB) flash drive to download presentation materials to a laptop." After the employee reconnected their laptop to the corporate network after returning to work, the malware spread, ultimately infecting 100 other network-connected systems.

As malware gets increasingly sophisticated, so, too, must the technology and strategies we use to detect and eradicate it (or, better yet, stop it before it ever makes it onto network systems). Our Rooting Out Sophisticated Malware report examines the tools, technologies and strategies that can ease some of the burden. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Solenoid
50%
50%
Solenoid,
User Rank: Apprentice
12/17/2012 | 4:33:48 PM
re: Could A Thumb Drive Stop Stuxnet?
Prevent Stuxnet? Yes, as its definition is known.

Prevent the next emergent Stuxnet? Unlikely. State-sponsored malware creators will account for available countermeasures. Remember the unprecedented complexity of Stuxnet? Expect them to top themselves in that respect next time, if it is even exposed.
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
12/15/2012 | 2:32:42 PM
re: Could A Thumb Drive Stop Stuxnet?
Great idea! But why the heck did they partner with ESET? Just because it is the cheapest AV app out there? They should have partnered with the best.
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...