Trojan virus spreads via PC mouse

Think your computer or network can get a Trojan virus or malware only via a malicious website or an infected flash drive? Think again: even a mouse can get the job done, too.

A modified mouse —and almost any hardware device that can be plugged into a computer— can potentially infect a network, as shown in a recent hack by security firm Netragard.

"(We used) electronics which include a teensy microcontroller, a micro USB hub, a mini USB cable (we needed the ends) a micro flash drive (made from one of our Netragard USB Streamers), some home-grown malware (certainly not designed to be destructive), and a USB device like a mouse (or) whatever else someone might be tempted to plug in. When they do plug it in, they will be infected by our custom malware and we will use that point of infection to compromise the rest of the network," Netragard said in a blog post.

Netragard said the challenge had been to penetrate a network with a single IP address bound to a firewall that offered no services.

Other limitations included no use of social networks, telephone, email or physical access to the network to be penetrated.

For its project, Netgard used a fancy Logitech USB mouse fitted with a microcontroller and a tiny USB flash drive where the malware is stored.

But even without the flash drive, Netragard noted it "could still instruct the mouse to fetch the malware from a website."

Netragard also created custom malware for the antivirus software that the target computer is using.

"We wanted our malware to be able to connect back to (us) but we needed more than that. We needed our malware to be fully undetectable and to subvert the 'Do you want to allow this connection' dialogue box entirely. You can’t do that with encoding," it said.

Netragard then shipped the mouse to the target, making it look like a promotional gadget so the victim will use it.

"Sure enough, three days later the mouse called home," it said.

Public unaware of threat

Infoworld's Roger Grimes said that many are unaware that hardware, especially a mouse, can be used to deliver auto-launching exploit code.

"IT security admins must understand that a computer can be compromised by almost any hardware device plugged into it. Hardware is hardware —the instructions coded into it and its firmware takes precedence over software. When we talk trust boundaries in computer security, you always have to remember the hardware boundary must be discussed and defended," Grimes said.

"If I, as the attacker, can convince a victim to plug in some sort of hardware or if I plug it in myself, then it is, for all intense purposes, game over. If I can plug something into your USB, DMA, FireWire, and now mouse port, I'll likely succeed in carrying off a malicious action," he added.

Grimes said end-user education is always worth the effort.

"Let your end-users know that anything they plug into their computer could launch malicious code. That free USB key at the conference show? They shouldn't plug it in, nor should they attach free mice, free keyboards, or whatever if they are at elevated risk of physical attack," he said. — TJD, GMA News

Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Philippine troops end offensive they say killed 139 rebels
    Philippine troops end offensive they say killed 139 rebels

    MANILA, Philippines (AP) — A monthlong Philippine offensive against hard-line Muslim rebels ended Monday after 139 insurgents were killed, 12 others were captured and bomb-making strongholds were seized by troops, the military chief said. …

  • Developers prepare for new rules and regulations
    Developers prepare for new rules and regulations

    Known as the "Subdivision and Condominium Buyers' Protective Decree," Presidential Decree No. 957 issued two sets of revised implementing rules and regulations (IRRs) earlier in 2015. A bill initiated by former President Ferdinand Marcos in 1976, the decree and its most recent amendments were designed to "protect buyers from fraudulent and unscrupulous subdivision and condominium sellers, operators and developers," according to the explanatory note that accompanied the bill in its senate …

  • ‘Get SAF 44 killers before BBL passage’
    ‘Get SAF 44 killers before BBL passage’

    Lawmakers are demanding the arrest of the Moro Islamic Liberation Front (MILF) fighters involved in the killing of 44 policemen in Mamasapano before the approval of the proposed Bangsamoro Basic Law (BBL) in Congress. Cagayan de Oro Rep. Rufus Rodriguez, chairman of the 75-member ad hoc committee in the House of Representatives deliberating on the BBL, prodded the Department of Justice (DOJ) to speed up its investigation and file charges against the MILF guerrillas as the Aquino administration …

  • Pinoys dance for Earth Hour
    Pinoys dance for Earth Hour

    The Philippines once again displayed its support Saturday night for the worldwide observance of Earth Hour by hosting a dance party after turning the lights off from 8:30 to 9:30 p.m. to save energy and make a statement on various environmental issues. The World Wide Fund for Nature (WWF) said widespread participation proved anew that no individual action on climate change is too small and that no collective vision is too big with celebrations in over 7,000 hubs in 170 countries. The WWF said …

  • Phl offers Sabah to win Malaysia’s support for UN case vs China
    Phl offers Sabah to win Malaysia’s support for UN case vs China

    The Philippines has offered to downgrade its claim on Sabah in exchange for Malaysia’s support for its case against China before the United Nations. The quid pro quo was contained in a note verbale the Department of Foreign Affairs (DFA) handed to a representative of the Malaysian embassy last week, a week after the visit of Malaysian Defense Minister Dato  Seri Hishammuddin Tun Hussein. The note verbale, a copy of which was obtained by VERA Files, referred to the May 6, 2009 joint submission …

  • Maysak to enter Phl Wednesday
    Maysak to enter Phl Wednesday

    A typhoon with international name Maysak is expected to enter the Philippine area of responsibility (PAR) on Wednesday and bring rains over Northern Luzon by weekend, the state weather bureau said yesterday. Aldczar Aurelio, weather forecaster of the Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA), said the typhoon was 2,810 kilometers east of Mindanao as of 10 a.m. yesterday. “This typhoon is still too far to affect any part of the country,” the weather …

  • Nonviolent disciplining of kids pushed

    Child rights advocates called on senators to pass and strongly endorse a law that will institutionalize positive and nonviolent methods of disciplining children.The Child Rights Network (CRN), Plan International Philippines (PIP), Philippine Legislators’ Committee on Population and Development (PLPCD), and Lihok Pilipinas Foundation led the call for the enactment of the Positive Discipline Bill.Several Quezon City Council members led by Majority Floor Leader Jesus Manuel Suntay, Victor Ferrer …

  • Method to their madness

    [caption id="attachment_256768" align="alignright" width="212"] Illustration by Rod Cañalita[/caption] EMMANUEL PORTUGAL Country Manager for the Philippines, VMware I look after the garden. I’d like to think that I have a green thumb—no plants have died so far! The ones I like now that I planted a few months ago is the Blue Iris. Like the town in the movie, my Blue Iris shows up in the morning and only appears for one day. …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options