Trojan virus spreads via PC mouse

Think your computer or network can get a Trojan virus or malware only via a malicious website or an infected flash drive? Think again: even a mouse can get the job done, too.

A modified mouse —and almost any hardware device that can be plugged into a computer— can potentially infect a network, as shown in a recent hack by security firm Netragard.

"(We used) electronics which include a teensy microcontroller, a micro USB hub, a mini USB cable (we needed the ends) a micro flash drive (made from one of our Netragard USB Streamers), some home-grown malware (certainly not designed to be destructive), and a USB device like a mouse (or) whatever else someone might be tempted to plug in. When they do plug it in, they will be infected by our custom malware and we will use that point of infection to compromise the rest of the network," Netragard said in a blog post.

Netragard said the challenge had been to penetrate a network with a single IP address bound to a firewall that offered no services.

Other limitations included no use of social networks, telephone, email or physical access to the network to be penetrated.

For its project, Netgard used a fancy Logitech USB mouse fitted with a microcontroller and a tiny USB flash drive where the malware is stored.

But even without the flash drive, Netragard noted it "could still instruct the mouse to fetch the malware from a website."

Netragard also created custom malware for the antivirus software that the target computer is using.

"We wanted our malware to be able to connect back to (us) but we needed more than that. We needed our malware to be fully undetectable and to subvert the 'Do you want to allow this connection' dialogue box entirely. You can’t do that with encoding," it said.

Netragard then shipped the mouse to the target, making it look like a promotional gadget so the victim will use it.

"Sure enough, three days later the mouse called home," it said.

Public unaware of threat

Infoworld's Roger Grimes said that many are unaware that hardware, especially a mouse, can be used to deliver auto-launching exploit code.

"IT security admins must understand that a computer can be compromised by almost any hardware device plugged into it. Hardware is hardware —the instructions coded into it and its firmware takes precedence over software. When we talk trust boundaries in computer security, you always have to remember the hardware boundary must be discussed and defended," Grimes said.

"If I, as the attacker, can convince a victim to plug in some sort of hardware or if I plug it in myself, then it is, for all intense purposes, game over. If I can plug something into your USB, DMA, FireWire, and now mouse port, I'll likely succeed in carrying off a malicious action," he added.

Grimes said end-user education is always worth the effort.

"Let your end-users know that anything they plug into their computer could launch malicious code. That free USB key at the conference show? They shouldn't plug it in, nor should they attach free mice, free keyboards, or whatever if they are at elevated risk of physical attack," he said. — TJD, GMA News

Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • US missile cruiser docks at Subic
    US missile cruiser docks at Subic

    A US Navy missile cruiser has dropped anchor in Subic Bay as part of “routine port call,” amid rising tension in the West Philippine Sea stirred by China’s island building activities and other threatening moves by its forces. The arrival of the Ticonderoga-class missile cruiser USS Shiloh (CG-67) at the Subic Bay Freeport in Olongapo City yesterday was “just a routine port visit for ship replenishment and routine maintenance of shipboard system,” said Philippine Navy Public Affairs Office …

  • Agri, power sectors should brace for El Niño
    Agri, power sectors should brace for El Niño

    The agriculture and power sectors, as well as the general public should brace for a prolonged El Niño phenomenon that could further reduce water supply for electricity and irrigation, the Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) warned yesterday. Flaviana Hilario, acting deputy administrator for research and development of PAGASA, said the El Niño condition is expected to intensify from weak to moderate by August this year. Anthony Lucero, …

  • China to US: Help cool down Phl on sea row
    China to US: Help cool down Phl on sea row

    The US should help “cool down” the Philippines and realize that its meddling in the West Philippine Sea (South China Sea) dispute would only stir tensions, a Chinese newspaper reported. “Washington should know its meddling in the South China Sea has been destabilizing the region. The US has vowed not to take sides in the territorial dispute, which involves China, the Philippines, Vietnam, Malaysia, Brunei and Taiwan. …

  • No stopping K to 12 despite SC case, protests
    No stopping K to 12 despite SC case, protests

    K to 12 is the fruit of years of comprehensive consultations involving different sectors in education,” Aquino said during the launching of the program at the Philippine International Convention Center (PICC) in Pasay City. Organized by the Department of Education (DepEd), the launch was attended by teachers, students and representatives from different stakeholders supportive of the K to 12 program. It was held two years after the signing of Republic Act 10533, or the Enhanced Basic Education …

  • MNLF pushes review of peace pact with gov’t
    MNLF pushes review of peace pact with gov’t

    The Moro National Liberation Front (MNLF) maintained its bid for completion of the tripartite review of the implementation of the peace agreement with the Philippine government in 1996. The MNLF’s desire to put consensual closure to the tripartite effort was relayed by its leaders to Sayed El-Masry, the special envoy of the Organization of Islamic Cooperation (OIC), during the annual foreign ministers conference in Kuwait last Thursday. The MNLF peace agreement with the government in Sept. 2, …

  • Noy to raise sea dispute issue with Abe
    Noy to raise sea dispute issue with Abe

    President Aquino is expected to raise the West Philippine Sea dispute during his meeting with Japanese Prime Minister Shinzo Abe in Japan next week. However, there is no word yet if the Philippines will specifically ask Tokyo to join calls for China to stop its massive reclamation activities in disputed waters. Aquino will leave for Tokyo on June 2 for a state visit until June 5. …

  • CHED releases wrong data on tuition hike
    CHED releases wrong data on tuition hike

    The Commission on Higher Education (CHED) appears to have released erroneous data on the allowed tuition and other fee increases in Metro Manila for the incoming academic year. On the list of the 51 approved higher education institutions (HEI) allowed to impose hikes, CHED pegged the average increase in tuition at P32.34 per unit and the average increase in other fees at P34.79. However, a Philippine STAR re-computation showed that the actual average approved tuition increases in Metro Manila …

  • Leni Robredo may run for senator
    Leni Robredo may run for senator

    The widow of the late Interior Secretary Jesse Robredo admitted that running for higher office in 2016 had crossed her mind. Camarines Sur Third District Rep. Leni Robredo said she is focused on her re-election, but there is always the possibility that she would seek higher office. “There is always that possibility… because the filing (of certificate of candidacy) is in October yet,” Robredo said in an interview after her speech during the 23rd Girl Scouts of the Philippines Council …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options