07 Apr New USB Thief Trojan is Virtually Undetectable
There’s a new threat lurking just beyond the periphery of your network. It’s called USB Thief, and while it doesn’t quite measure up to the most sophisticated attacks currently making the rounds, it is definitely top-tier, and is raising eyebrows as security professionals attempt to analyze it.
That analysis is surprisingly hard to conduct, actually. The malware, called “USB Thief,” is embedded on a flash or thumb drive, and the encryption and defensive mechanisms built into the malware are such that it can’t be copied to another device to experiment or run tests on it.
It’s fairly stealthy too, typically hidden in a DLL (dynamic link library) of some other application, like a web browser. When the software on the thumb drive is run/activated, the Data Thief runs quietly in the background. Because the malware resides wholly on the thumb drive, it leaves no trace of itself or its activities on the computer it’s targeting.
In terms of what this particular malware does, quite simply, it scans the target computer and steals data. It can be configured in a variety of different ways, depending on what the hacker is after, collecting documents, spreadsheets, databases, or harvesting files in a given date range. The sky’s the limit, really. Whatever the hackers want, they can get access to.
The only catch? An unsuspecting user has to actually plug the unknown, untrusted thumb drive into the machine in question.
If you don’t plug the USB into a computer on your network, it can’t hurt you. If you and your staff are not in the habit of plugging in unknown or untrusted thumb drives, then this malware poses little threat to you, but bear in mind that unless you have some protocols in place to identify and track the USB drives you use in the day-to-day conduct of your business, it would be very easy for someone to slip an infected drive into the mix, without your ever knowing about it. Even worse, the payload can obviously be changed at the whim of the hackers to something significantly more destructive than simple data theft.
Don’t be taken unawares. If you are concerned that your system may have been compromised, contact one of our qualified data security consultants, who can help you identify any kinks in your network’s armor, in order to provide maximum security and protection.