Trojan virus spreads via PC mouse

Think your computer or network can get a Trojan virus or malware only via a malicious website or an infected flash drive? Think again: even a mouse can get the job done, too.

A modified mouse —and almost any hardware device that can be plugged into a computer— can potentially infect a network, as shown in a recent hack by security firm Netragard.

"(We used) electronics which include a teensy microcontroller, a micro USB hub, a mini USB cable (we needed the ends) a micro flash drive (made from one of our Netragard USB Streamers), some home-grown malware (certainly not designed to be destructive), and a USB device like a mouse (or) whatever else someone might be tempted to plug in. When they do plug it in, they will be infected by our custom malware and we will use that point of infection to compromise the rest of the network," Netragard said in a blog post.

Netragard said the challenge had been to penetrate a network with a single IP address bound to a firewall that offered no services.

Other limitations included no use of social networks, telephone, email or physical access to the network to be penetrated.

For its project, Netgard used a fancy Logitech USB mouse fitted with a microcontroller and a tiny USB flash drive where the malware is stored.

But even without the flash drive, Netragard noted it "could still instruct the mouse to fetch the malware from a website."

Netragard also created custom malware for the antivirus software that the target computer is using.

"We wanted our malware to be able to connect back to (us) but we needed more than that. We needed our malware to be fully undetectable and to subvert the 'Do you want to allow this connection' dialogue box entirely. You can’t do that with encoding," it said.

Netragard then shipped the mouse to the target, making it look like a promotional gadget so the victim will use it.

"Sure enough, three days later the mouse called home," it said.

Public unaware of threat

Infoworld's Roger Grimes said that many are unaware that hardware, especially a mouse, can be used to deliver auto-launching exploit code.

"IT security admins must understand that a computer can be compromised by almost any hardware device plugged into it. Hardware is hardware —the instructions coded into it and its firmware takes precedence over software. When we talk trust boundaries in computer security, you always have to remember the hardware boundary must be discussed and defended," Grimes said.

"If I, as the attacker, can convince a victim to plug in some sort of hardware or if I plug it in myself, then it is, for all intense purposes, game over. If I can plug something into your USB, DMA, FireWire, and now mouse port, I'll likely succeed in carrying off a malicious action," he added.

Grimes said end-user education is always worth the effort.

"Let your end-users know that anything they plug into their computer could launch malicious code. That free USB key at the conference show? They shouldn't plug it in, nor should they attach free mice, free keyboards, or whatever if they are at elevated risk of physical attack," he said. — TJD, GMA News

Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Troops overrun BIFF bomb-making facility in Mamasapano
    Troops overrun BIFF bomb-making facility in Mamasapano

    Government troops captured Sunday a bomb and weapons factory of the Bangsamoro Islamic Freedom Fighters (BIFF) in Mamasapano, Maguindanao, the Armed Forces of the Philippines (AFP) announced yesterday. Col. Restituto Padilla, AFP spokesman, said the captured bomb and weapons factory is located inside an area controlled by radical Muslim cleric Ustadz Mohammad Ali Tambako at Barangay Dasikil in Mamasapano. …

  • No need for Revilla to visit son – prosecutors
    No need for Revilla to visit son – prosecutors

    Instead of filing an opposition, ombudsman prosecutors filed a manifestation yesterday expressing belief that there is no urgent need for Sen. Ramon “Bong” Revilla Jr. to visit his son at the Asian Hospital and Medical Center. “Based on the clinical abstract issued by the Asian Hospital on patient (Cavite) Vice-governor (Jolo) Revilla, which was submitted by accused Revilla in support of his Urgent Motion, Vice-governor Revilla is in stable condition and has stable vital signs, as of March 1, …

  • N. Korea fires missiles in anger at South-US military drills
    N. Korea fires missiles in anger at South-US military drills

    North Korea fired two short-range ballistic missiles into the sea and vowed "merciless" retaliation Monday as the US and South Korea kicked off joint military drills denounced by Pyongyang as recklessly confrontational. The annual exercises always trigger a surge in military tensions and warlike rhetoric on the divided peninsula, and analysts saw the North's missile tests as a prelude to a concerted campaign of sabre-rattling. "If there is a particularly sharp escalation, we could see the …

  • Couple married 67 years holds hands in final hours together
    Couple married 67 years holds hands in final hours together

    FRESNO, Calif. (AP) — After spending 67 years together as devoted husband and wife, there was no question how Floyd and Violet Hartwig would end their lives — together. …

  • How Islamic is Islamic State group? Not very, experts say
    How Islamic is Islamic State group? Not very, experts say

    CAIRO (AP) — Three British schoolgirls believed to have gone to Syria to become "jihadi" brides. Three young men charged in New York with plotting to join the Islamic State group and carry out attacks on American soil. A masked, knife-wielding militant from London who is the face of terror in videos showing Western hostages beheaded. …

  • Recruitment firm accused of worldwide scam
    Recruitment firm accused of worldwide scam

    Filipinos aspiring to work overseas should avoid dealing with a recruitment agency that has duped jobseekers worldwide, Labor Secretary Rosalinda Baldoz said yesterday. The National Bureau of Investigation has padlocked Global Visas Inc., which is based in Cebu. Baldoz said the agency’s parent company, ICS Global Visas Inc. based in the United Kingdom, has reportedly collapsed and left thousands of applicants without jobs.  “Global Visas was in the limelight this week, following its reported …

  • Lawmakers split on tax exemption for Pacquiao
    Lawmakers split on tax exemption for Pacquiao

    Colleagues of boxing champion Manny Pacquiao at the House of Representatives backed yesterday a proposal to exempt his earnings from his May 2 fight with American Floyd Mayweather from income tax. Internal Revenue Commissioner Kim Henares has urged Pacquiao to promptly pay taxes on his May 2 earnings, which are projected to reach at least $120 million (more than P5.2 billion). …

  • Woman with slain Putin critic says she didn't see his killer
    Woman with slain Putin critic says she didn't see his killer

    MOSCOW (AP) — The 23-year-old Ukrainian model who was with slain opposition leader Boris Nemtsov tearfully recounted Monday their last dinner in a chic Red Square restaurant and their walk onto a nearby bridge — but said she did not see the gunman who pulled the trigger. …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options