If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Thumb drive scanner?
Is there a tool out there that will scan a thumb drive and tell you if
the formatting/partitioning is buggered in a stuxnet sort of way? |
Ads |
#2
|
|||
|
|||
Thumb drive scanner?
On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote:
Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? |
#3
|
|||
|
|||
Thumb drive scanner?
On Sat, 9 Mar 2019 19:43:44 -0800 (PST), James Davis
wrote: On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? That might tell you if the structure is unusable but not if there is a boot sector virus and another hidden partition full of nasty stuff. |
#4
|
|||
|
|||
Thumb drive scanner?
|
#5
|
|||
|
|||
Thumb drive scanner?
James Davis on Sat, 9 Mar 2019 19:43:44
-0800 (PST) typed in microsoft.public.windowsxp.general the following: On Saturday, March 9, 2019 at 7:33:58 PM UTC-8, wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? Have you tried ScanDisk? Not what he was asking. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#6
|
|||
|
|||
Thumb drive scanner?
|
#7
|
|||
|
|||
Thumb drive scanner?
On Sun, 10 Mar 2019 16:18:33 -0400, Paul
wrote: wrote: Is there a tool out there that will scan a thumb drive and tell you if the formatting/partitioning is buggered in a stuxnet sort of way? One problem would be, the trouble could result instantly from the stick being plugged in. So a purely passive analysis would not be enough. As I understand it, one exploit mechanism is to make the stick a "composite device", hiding USB Mass Storage and a virtual optical drive in the same USB device. There were some U3 sticks which had this feature anyway. Using USBTreeView, you might see a declaration of "Composite" in the device config data, on a U3 style stick. There is a registry entry with Autorun/Autoplay bits, and Microsoft may leave that, such that optical discs still work. Others in the industry wanted them to turn this subsystem off entirely, so it would be a little harder for these things to happen. One third-party technique was to use a software restriction policy, such that could not be accessed, which would "break the chain" for that style of exploitation. But I don't know if that covers every possibility or not. It's an attack surface. That's all I can say for sure. Paul When I was looking around I did see things that would stop the auto run and somewhat protect that host but I was wondering if anyone had the software to flag a bad USB drive with extra partitions and malware. I assume a brand new stick from a reputable firm would be OK but after it is "been around" who knows what it might have picked up. |
#8
|
|||
|
|||
Simple way to disable autorun
On 2019-3-11 4:18, Paul wrote:
.... There is a registry entry with Autorun/Autoplay bits, and Microsoft may leave that, such that optical discs still work. Others in the industry wanted them to turn this subsystem off entirely, so it would be a little harder for these things to happen. One third-party technique was to use a software restriction policy, such that @autorun.inf could not be accessed, which would "break the chain" for that style of exploitation. Add this registry and disable autorun completely: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYSoesNotExist" -- Regards, Lu Wei IM: PGP: 0xA12FEF7592CCE1EA |
Thread Tools | |
Display Modes | |
|
|