Thumb drive scanner?
Is there a tool out there that will scan a thumb drive and tell you if
the formatting/partitioning is buggered in a stuxnet sort of way? |
Thumb drive scanner?
On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote:
Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? |
Thumb drive scanner?
On Sat, 9 Mar 2019 19:43:44 -0800 (PST), James Davis
wrote: On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? That might tell you if the structure is unusable but not if there is a boot sector virus and another hidden partition full of nasty stuff. |
Thumb drive scanner?
|
Thumb drive scanner?
James Davis on Sat, 9 Mar 2019 19:43:44
-0800 (PST) typed in microsoft.public.windowsxp.general the following: On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? Not what he was asking. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
Thumb drive scanner?
|
Thumb drive scanner?
On Sun, 10 Mar 2019 16:18:33 -0400, Paul
wrote: wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? One problem would be, the trouble could result instantly from the stick being plugged in. So a purely passive analysis would not be enough. As I understand it, one exploit mechanism is to make the stick a "composite device", hiding USB Mass Storage and a virtual optical drive in the same USB device. There were some U3 sticks which had this feature anyway. Using USBTreeView, you might see a declaration of "Composite" in the device config data, on a U3 style stick. There is a registry entry with Autorun/Autoplay bits, and Microsoft may leave that, such that optical discs still work. Others in the industry wanted them to turn this subsystem off entirely, so it would be a little harder for these things to happen. One third-party technique was to use a software restriction policy, such that could not be accessed, which would "break the chain" for that style of exploitation. But I don't know if that covers every possibility or not. It's an attack surface. That's all I can say for sure. Paul When I was looking around I did see things that would stop the auto run and somewhat protect that host but I was wondering if anyone had the software to flag a bad USB drive with extra partitions and malware. I assume a brand new stick from a reputable firm would be OK but after it is "been around" who knows what it might have picked up. |
Simple way to disable autorun
On 2019-3-11 4:18, Paul wrote:
.... There is a registry entry with Autorun/Autoplay bits, and Microsoft may leave that, such that optical discs still work. Others in the industry wanted them to turn this subsystem off entirely, so it would be a little harder for these things to happen. One third-party technique was to use a software restriction policy, such that @autorun.inf could not be accessed, which would "break the chain" for that style of exploitation. Add this registry and disable autorun completely: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist" -- Regards, Lu Wei IM: PGP: 0xA12FEF7592CCE1EA |
All times are GMT +1. The time now is 04:56 PM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters