USB Thief Trojan: A Danger to Everyone


Known as the “USB Thief”, this trojan was discovered by researchers at the security firm ESET, and it marks an entirely new cybercrime venture. Its sophisticated design is loaded onto a USB stick and crafted to steal data from specifically targeted systems that are not connected to the internet. These might include critical operations such as shipyards, nuclear facilities, and power plants. The potential danger to such systems goes without saying: the same type of destructive capability was demonstrated a few years ago by the Stuxnet worm, spread via USB, which was responsible for the damage to many of the centrifuges at Iran’s Natanz uranium enrichment facility.

Figure: How STUXNET worked


The unique properties of this malware lie in its design. Highly destructive, the malware is loaded onto a USB stick which is then inserted into a computer. Each copy will only operate on its own USB stick and will not function if copied to another one. The malware is proficient at avoiding detection and at resisting reverse engineering. It attaches itself to a DLL (dynamic-link library) file that is part of the loading chain of various portable applications that can be stored on a USB stick; these include Notepad++, Firefox and TrueCrypt. Once any of these applications is executed, the malware begins stealing data while running in the background, without giving the user any indication that it is operating. Because it is entirely encapsulated on the USB stick, it leaves no trace to detect on the computer system or network.

What truly sets this malware apart is its ability to protect itself: the malware files are protected with AES-128 encryption, and the key is tied to the unique ID of the USB device. The malware will therefore only run on that specific USB device and cannot be copied elsewhere. Designed to steal documents, images and other data files, it also steals the Windows registry tree and then encrypts the stolen data. So far this malware does not seem to be very widespread, but the foundation has already been laid for it to be easily adjusted and repurposed for more malicious intentions.
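The DLL-planting pattern described above can be caught on the defender's side by keeping an integrity baseline of the portable toolkit carried on the stick and re-checking it before the applications are run. The following is an added example, not code from this article or from ESET; the toolkit layout, file names and file contents are constructed placeholders created in a temporary directory that stands in for the USB root.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Record the SHA-256 of every file under root, keyed by POSIX-style relative path.
    Taken while the stick is known to be clean, this is the baseline to verify against."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root: Path, manifest: dict) -> dict:
    """Compare the current contents of root against the baseline manifest.
    Reports files whose hash changed, files absent from the baseline, and the
    subset of new files that are DLLs sitting in the same directory as an .exe,
    which is the side-loading pattern the article describes."""
    current = build_manifest(root)
    modified = sorted(p for p, h in current.items() if p in manifest and manifest[p] != h)
    new = sorted(p for p in current if p not in manifest)
    exe_dirs = {os.path.dirname(p) for p in current if p.lower().endswith(".exe")}
    planted = [p for p in new if p.lower().endswith(".dll") and os.path.dirname(p) in exe_dirs]
    return {"modified": modified, "new": new, "planted_dlls": planted}

def demo() -> dict:
    """Constructed toolkit layout in a temporary directory standing in for the USB root.
    File names and contents are placeholders, not real Notepad++ components."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "npp").mkdir()
        (root / "npp" / "notepad++.exe").write_bytes(b"constructed exe bytes")
        (root / "npp" / "editor-helper.dll").write_bytes(b"constructed dll bytes")
        manifest = build_manifest(root)  # baseline recorded while the stick is clean
        # Simulate what a planted library and a tampered library look like afterwards.
        (root / "npp" / "planted.dll").write_bytes(b"constructed foreign dll bytes")
        (root / "npp" / "editor-helper.dll").write_bytes(b"constructed dll bytes, altered")
        return verify(root, manifest)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is stored off the stick (or signed), since a manifest kept alongside the toolkit can be rewritten by whoever plants the DLL.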

“Maintaining real time education on the various cyberattack methods is one of the top priorities at Da Vinci Forensics. As we move forward in a connected environment and add firewalls and security, cybercriminals will continue to seek out the weak loopholes to spread viruses and malware. Our goal is to assist our clients and the public in recognizing vulnerabilities and maintaining a high level of security through education and proactive actions.”

Sharon Knowles, CEO of Da Vinci Forensics