Electronics companies putting virus's onto USB sticks

[Bassman59]

Thanks
If you get a virus from a USB stick, then is the only way to get rid of it to re-install windows?
Does re-installing windows definetely get rid of a virus?

The only way to get rid of those viruses (not virus's) is to toss your computer into the shredder.

[Just_another_Dave]

Thanks
If you get a virus from a USB stick, then is the only way to get rid of it to re-install windows?
Does re-installing windows definetely get rid of a virus?

It depends on the type of malware. Most can be eliminated easily just by deleting the infected files (this might require substituting them by a non infected version if the file is necessary for the system). In this case, re-installing windows will get rid of the malware, yet other methods can be used (manually deleting the file, using an antivirus, starting the system in safe mode to impede it from executing and then running the antivirus, running an antivirus from a live cad, etc)

However, there are other types of malware that infects the master boot record or the bios of your computer, making it more resilient and difficult to delete. In this case, it would be necessary to rewrite the MBR or to flash an uninflected firmware to your computer bios

[dietert1]

People cannot use USB pen drives in a company for safety reasons. Everybody educated in IT should know that executables are hidden that establish communication between the systems that the USB drive visits. If one of those systems happens to be online, the data gets dumped to a host somewhere in the US or in China. The sticks carry with them all kinds of logs, images etc. It has hidden partitions for that.

If you want to transfer data in a safe way, there are tools for that. USB pen drives cannot be used. Once i happened to see somebody using a private USB pen drive in our office. He had to leave for good. There is no excuse. Serious companies have monitoring software to detect such violations.

Regards, Dieter

[Faringdon]

Thanks, also supposing i used a USB mouse on the work PC, then come home and connect this same USB mouse to the home laptop, then could that USB mouse spread a virus to the home laptop, just as if it were a USB stick?

[dietert1]

I never heard of that. It may be difficult due to the different protocols a human interface device uses.
Also your case is the first time i hear that they not only detect security violation automatically but include immediate punishment.

Regards, Dieter

[Just_another_Dave]

Thanks, also supposing i used a USB mouse on the work PC, then come home and connect this same USB mouse to the home laptop, then could that USB mouse spread a virus to the home laptop, just as if it were a USB stick?

That would require having a rewritable memory inside the usb mouse that could be accessed by the computer, which is not a common thing as far as I know. A mouse that installs malware on your machine when connected for the first time seems easier to make (something similar to rubberducky), but I haven’t heard of anything like that, so it seems quite improbable that if your computer has a virus it was installed this way

[golden_labels]

People cannot use USB pen drives in a company for safety reasons. Everybody educated in IT should know that executables are hidden that establish communication between the systems that the USB drive visits. If one of those systems happens to be online, the data gets dumped to a host somewhere in the US or in China. The sticks carry with them all kinds of logs, images etc. It has hidden partitions for that.

Any reputable source confirming that story? In particular one that explains, how that works from technical point of view and how comes no one knows about that? If not, than stop making Faringdon even more confused than they already are.

If you get a virus from a USB stick, then is the only way to get rid of it to re-install windows? Does re-installing windows definetely get rid of a virus?

That has already been asnwered in my post. Along with telling you that viruses are nearly non-existent nowadays and nearly surely it’s not a virus. Give yourself a few more minutes to read posts carefully. You can’t acquire understanding of any topic by skimming over a piece of text and picking up some random words.

[dietert1]

In a town nearby named Ettlingen there is a software company named Prosoft. They are making those monitoring tools i mentioned above.
I think i already mentioned how it works: When you buy the stick it comes prepared with hidden storage space and with executables that support hidden collection and distribution of data. As far as i remember it requires support from the operating system and that exists since W7.
Have a look here:
https://www.all-about-security.de/unternehmen-im-fokus/prosoft/usb-sticks-in-industriellen-steuerungssystemen/
Their idea seems to be: One can use USB pen drives in an environment with the proper safety tools (hardware and software).

Regards, Dieter

[golden_labels]

This is not a source for what you have said above. Provide source for the claim you actually made. Also, please provide it in English, for everyone being able to read it: after all a worldwide conspiracy of that scale must be covered by some English source, right?

[dietert1]

The link i gave you referred to "stuxnet"? On the web you will find some details, like it was a US military project and cost about 50 Million US$. A general named James E. Cartwright was accused in 2013 for giving details of the project to the New York Times. Stuxnet has peer-to-peer capabilities, that is communication when not online. Why don't you ask the experts at Prosoft? If they mention stuxnet in context with USB pen drives, they certainly know more. These things are real.

Regards, Dieter

[golden_labels]

tl;dr: you seem to inflated facts, blown a story out of proportions by a few orders of magnitude, turning a relatively small event of “may happen” nature to a distorted, grotesque vision of the reality where “may” was replaced with “always”. Which is false and harmful to OP.

Yes, it did. But what you said is not that Stuxnet exists. Not even that there exist malware that is being spread on pendrives. Not even about a possible, though complicated and expensive attacks using specially crafted USB sticks. For that I would not ask for sources, considering that I have already covered those in my own answer.

You made a claim, extreme in its nature, about arbitrary USB sticks being inherently dangerous to use, that they run (magically by themselves!) hidden executables, collect data and send them to servers. Drawing a picture that implies they shouldn’t be used at all, and either pretending that’s authoritative information or shutting off criticism by adding that “everybody educated in IT” would support that.

To start with, this is a universal quantification style statement. For that you can’t link a source that gives existential quantification. Even worse, a source that is referring to events that are mostly historical, while your claim is in present tense.

So I am asking, again: provide sources that confirm the statement you have actually made. Not something that matches some random words from it. Otherwise stop spreading misinformation. Feringdon is clueless enough, already fell victim to people spreading similar bullshit and by making such frivolous claims you are hurting them even more. I will not make guesses, what motivates you to do that, but perhaps think twice about the harm you are causing.

No, there is no inherent risk associated specifically with that technology. USB sticks in your control do not come from factory preloaded with malware to steal data from your system and send it to three letter agencies. There is no “everyone educated in IT knows” style knowledge about such a thing. Using pendrives may cause risk, just like anything else may: that happens for very specific reasons and in particular circumstances, not by default. The full explanation is above. You are free to disagree and address concrete points, in case I conveyed invalid information.

[newbrain]

tl;dr: you seem to inflated facts, blown a story out of proportions by a few orders of magnitude, turning a relatively small event of “may happen” nature to a distorted, grotesque vision of the reality where “may” was replaced with “always”. Which is false and harmful to OP.

Yes, it did. But what you said is not that Stuxnet exists. Not even that there exist malware that is being spread on pendrives. Not even about a possible, though complicated and expensive attacks using specially crafted USB sticks. For that I would not ask for sources, considering that I have already covered those in my own answer.

You made a claim, extreme in its nature, about arbitrary USB sticks being inherently dangerous to use, that they run (magically by themselves!) hidden executables, collect data and send them to servers. Drawing a picture that implies they shouldn’t be used at all, and either pretending that’s authoritative information or shutting off criticism by adding that “everybody educated in IT” would support that.

To start with, this is a universal quantification style statement. For that you can’t link a source that gives existential quantification. Even worse, a source that is referring to events that are mostly historical, while your claim is in present tense.

So I am asking, again: provide sources that confirm the statement you have actually made. Not something that matches some random words from it. Otherwise stop spreading misinformation. Feringdon is clueless enough, already fell victim to people spreading similar bullshit and by making such frivolous claims you are hurting them even more. I will not make guesses, what motivates you to do that, but perhaps think twice about the harm you are causing.

No, there is no inherent risk associated specifically with that technology. USB sticks in your control do not come from factory preloaded with malware to steal data from your system and send it to three letter agencies. There is no “everyone educated in IT knows” style knowledge about such a thing. Using pendrives may cause risk, just like anything else may: that happens for very specific reasons and in particular circumstances, not by default. The full explanation is above. You are free to disagree and address concrete points, in case I conveyed invalid information.

I must thank you for sparing me the hassle of writing pretty much the same things.
Extraordinary claims need extraordinary proof, not a link to a three paragraph, generic, article.

[coromonadalix]

I've been given 2x chineese foldable led lamps with an micro usb port for charging them

When i connect them to my pc, they do try to enumarate as a device in the windows device manager, but gives an error mark with no pid vid to show ...

Sure Windows is seeing something ??

I was always intrigued by them, never dismantled them to see what they hide

After this small incident, i always disabled the autorun feature of any windows ...

[dietert1]

Exactly, Autorun is the visible part that you disable to feel safe. Nobody should believe public statements over IT safety. There is good reason to ignore those and instead adhere to restrictive IT safety methods. No USB pen drives in the office!

Although it isn't my business: One exercise i recommend is running a windows PC with airgap. No online connection, no WLAN, tape over USB slots. And it needs to be an older hardware that doesn't include hidden wireless technology on its mainboard. You will find yourself in a miserable situation. After some weeks i setup a data connection based on a MCU testkit, using RS232 to transfer data to the rest of the world. And i found screenshots on the system disk waiting for transmission. Thus you can learn something about IT safety.

Regards, Dieter

[Bassman59]

Exactly, Autorun is the visible part that you disable to feel safe. Nobody should believe public statements over IT safety. There is good reason to ignore those and instead adhere to restrictive IT safety methods. No USB pen drives in the office!

The pro audio company Avid's line of live sound mixing consoles (D-Show, Profile, SC-48, S6L) all run Windows under the hood, because in large part the processing is based on ProTools.

The usual USB drives are used by mix people to store and transfer "show files," which keep all of the console's settings and allow you to build a show on a computer and then load it into the console and now you're all configured as you like.

And I know owners of these consoles that have had to wipe them clean and reinstall the software because someone brought in a USB drive with a virus on it, and the console's Windows doesn't disable the autoload and yes, the console got a virus and wouldn't work. A friend just told me she mixed a show at the Bowery Ballroom in NYC and they have a new S6L and she said that the venue production manager took her USB drive and scanned it for viruses on a computer before allowing her to plug it into the console.

USB drives are just too convenient but there has to be a better way to manage the virus problem with them. Maybe not running Windows is the first step?

[ataradov]

Disabling autorun is not going to help against malicious devices. Your lamp can enumerate as a keyboard, windows (or linux, or mac) will install drivers automatically. The lamp then can launch a browser, type  any address it likes, close the browser. Now you are relying on the browser security and its ability to not launch things unannounced.

And you always run into this risk. The device may not even appear malicious - it may be a normal mouse or USB drive. But after 10 hours of operation it will re-enumerate as a HID device and to the thing. It then can return to its normal state, and you may not notice it for a long time.

[richnormand]

How about this neat toy I have:
https://hak5.org/products/usb-rubber-ducky-deluxe

Just a bit too pricy to leave in the parking lot for some employee to find.... but.
Many USB keys do have a embedded built-in microprocessor and many can be reprogrammed to show you what they want, including looking like a mouse or whatever.

In some sections in my former employment being caught with a USB was pretty much an instant dismissal, after investigation.

[Doctorandus_P]

One way that is a pretty sure method to get rid of viruses is to buy a new SSD, put it in your PC and then make a fresh install of your OS. These day's you've got a pretty decent SSD for EUR50, so cost is not a very big factor. Additional advantage of this method is that you automatically have a backup of your old configuration.

Another method is to download some kind of Linux distribution, put it on an USB stick and then boot from that, and use it to completely wipe your SSD. Some of the Linux distributions are especially designed as (emergency) boot media and come fully loaded with system management utilities.

[Faringdon]

Thanks for all replies...
Please advise if computer hackers can hack into your laptop by knowing what is the IP address of your home router?

I have an EE 4G mobile wifi router. This has an IP address written on the back of it. So I guess its IP address is fixed to that.(?)

Now, as discussed, I have also been connecting USB sticks into work PC’s, and then connecting these same USB sticks to my home laptop, in order to continue working at home. Now it emerges that the companys have set their PC’s up to put malware etc onto USB sticks so connected. I know this because IT staff have recounted to me what youtube songs I listened to the night before, and even repeated exerpts of conversation I had with my partner, the previous evening. I also believe it may be why my home laptop is freezing and hanging regulatly….the “blue circle” has almost become my personal “coat of arms”.

Anyway, I have re-installed windows on the home laptop, but am still getting problems. I actually wonder if they virus’d the USB stick such that it made my home laptop transmit my router IP address to them. Then knowing this IP address…they could hack into my laptop and make it freeze etc?

..As discussed my home laptop is regularly freezing. Strangely this tends to happen mostly between the hours of 11am to 5pm weekdays. When my laptop freezes, and can’t get on the internet, I then take it to the local coffee shop, and go on their wifi there, with no problems.

So this is kind of making me think that the hackers (or their malware) have got my home router IP address, and are able to use it to mess up my home laptop?

I mean, I am on coffee shop wifi now, and my home laptop is fine. (it couldn’t get on the internet 10 mins ago when I was at home) So I am thinking there is some connection with my home router, and its IP address, being “known” to the malware?

So can I change my home routers wifi address?

[Jeroen3]

Nobody talking about the fact that what op describes can be very illegal?

[Just_another_Dave]

Thanks for all replies...
Please advise if computer hackers can hack into your laptop by knowing what is the IP address of your home router?

I have an EE 4G mobile wifi router. This has an IP address written on the back of it. So I guess its IP address is fixed to that.(?)

Now, as discussed, I have also been connecting USB sticks into work PC’s, and then connecting these same USB sticks to my home laptop, in order to continue working at home. Now it emerges that the companys have set their PC’s up to put malware etc onto USB sticks so connected. I know this because IT staff have recounted to me what youtube songs I listened to the night before, and even repeated exerpts of conversation I had with my partner, the previous evening. I also believe it may be why my home laptop is freezing and hanging regulatly….the “blue circle” has almost become my personal “coat of arms”.

Anyway, I have re-installed windows on the home laptop, but am still getting problems. I actually wonder if they virus’d the USB stick such that it made my home laptop transmit my router IP address to them. Then knowing this IP address…they could hack into my laptop and make it freeze etc?

..As discussed my home laptop is regularly freezing. Strangely this tends to happen mostly between the hours of 11am to 5pm weekdays. When my laptop freezes, and can’t get on the internet, I then take it to the local coffee shop, and go on their wifi there, with no problems.

So this is kind of making me think that the hackers (or their malware) have got my home router IP address, and are able to use it to mess up my home laptop?

I mean, I am on coffee shop wifi now, and my home laptop is fine. (it couldn’t get on the internet 10 mins ago when I was at home) So I am thinking there is some connection with my home router, and its IP address, being “known” to the malware?

So can I change my home routers wifi address?

Home routers normally use dynamic ip addresses. This means that they change their ip from time to time and sometimes it can be forced by restarting the router. However, attacking a computer just knowing it’s in address can be difficult. Routers perform an operation called network address translation, which substitutes the sender IP address in packages by its own, so in order to achieve that type of attack they would need to access an open port in the router that redirects to your computer. Additionally, that port would need to have a vulnerability that could be exploited.

Trojans and remote access tools normally don’t work like that. They are usually based on a reverse connection, which means that the infected computer is the one that connects to the attacker. Therefore, knowing the victim’s ip is not needed

On the other hand, as Jeroen3 has stated, installing malware intentionally on your workers’ computers (or in anyone else’s pc) is illegal in most countries

Edit: If problems occur always at certain times of the day, you might want to check which processes start or are running at those moments as probably the one that is causing the problems is one of them

[Bassman59]

Thanks for all replies...
Please advise if computer hackers can hack into your laptop by knowing what is the IP address of your home router?

I have an EE 4G mobile wifi router. This has an IP address written on the back of it. So I guess its IP address is fixed to that.(?)

The router will have a MAC address (actually more than one). You can't change that.

The IP address on the WAN side is assigned by your ISP. The IP address on the LAN side is something you configure.

[janoc]

The amount of BS in this thread is just   

And thinking that most people here are engineers and are supposed to have at least a basic clue how computers work?

(to the person who thinks that their Chinese lamp is trying to hack their Windows - nope, what you are seeing is just Windows attempting to enumerate an USB device and failing at it because the lamp most likely  isn't really talking to the computer at all, only drawing power from the port. All you need for Windows to detect something being connected is a pull-up resistor on one of the data lines.)

[blacksheeplogic]

(to the person who thinks that their Chinese lamp is trying to hack their Windows - nope

Yea, why chip the lamp when it's much easier & cheaper to chip the USB cable. But not to worry, 5G's coming and this will be a thing of the past.

[golden_labels]

While Just_another_Dave’s explanation is delivering the right message, two things need to be clarified.

Whether the IP address is changing with modem reset depends on ISP’s policies. They may, they may not. Even if the address changes, enumerating the entire IPv4 address space is just a few minutes in 2020s.

While NAT accidently provides some level of protection, it is not a firewall. It has never been designed to prevent intentional access to computers behind NAT. NAT’s job is to route packets to desired addresses, not to prevent packets from not being routed. The abstraction NAT provides may be easily misunderstood and wrong conclusion may be drawn from that view, if someone forgets what are the limits of that abstraction. Saying that NAT is a security mechanism is the same as saying that a “turn left” sign on a road prevents cars from turning right. Of the general purpose attacks slipstreaming is the most recent, but there has also been many other examples, dealing with NAT implementations doing nothing to protect against specifically crafted ingress traffic. A quick overview here. On top of that you have vulnerabilities in gateways. And, if that wasn’t enough, NAT may be skipped if the adversary can execute their software inside the target network.

That of course doesn’t mean the response to OP was in general wrong. I support it — just making it clear that some things are not exactly right.