USB Thief Appears Undetected, Then Leaves With Your Sensitive Information

By now, most people are aware of the harm that both viruses and malware can do to your sensitive information. This is also an issue that small businesses need to be concerned about as their financial and customer information could be compromised. A new threat, USB Thief, means that computer users might not even realize their data has been hacked because the mechanism that has done so is armed with a method of self-protection.

How USB Thief Works

As researchers have recently discovered, USB Thief relies on using a USB device to attack an air-gapped computer or an isolated server. Once it attacks, USB Thief leaves nothing behind to alert you to its presence. While other types of malware use traditional methods of spreading, such as attaching itself to shortcuts and autorun files that then enable it to spread, USB Thief is a different animal altogether, making it a challenge to discover.

Piggybacking on USBs

Much like its name suggests, USB Thief gains entry to your system by piggybacking on portable thumb drives that contain those applications that you use the most, such as Firefox, TrueCrypt and NotePad++. It then takes up residence within the application’s chain command using a plugin or a library that is dynamically linked. The result? When the target host is running, the malware is also running quietly and unobtrusively in the background without your knowledge. It does so by utilizing six files — four that are executable and two that are loaded with configuration data.

How to Protect Yourself from USB Thief

The research firm that discovered USB Thief noted that the malware was particularly difficult to break down. This is partially due to the fact that the malware executes three payloads with the ability to steal data with each instance. USB Thief also protects itself by making a different filename with each piece of malware that it executes. While this particular piece of malware is not widespread as of this writing, it has the potential to do a great deal of damage. It is advisable to turn the autorun feature of any computers off and to avoid using thumb drives from any unknown sources.

Malware can cause numerous problems for your small business. Protect it and yourself by engaging a reliable IT support partner in Raleigh. Give Raleigh IT Support Company and IT Services Provider | CSP Inc. a call at (919) 424-2000 or drop us an email at info@cspinc.com.