EvilZone

Hacking and Security => Hacking and Security => Topic started by: gingk0 on November 19, 2014, 10:08:05 PM

Title: Pretty nifty way to infect users on a large scale
Post by: gingk0 on November 19, 2014, 10:08:05 PM
This (http://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/) story is about a person who got infected because he bought a cheap e-cigarette from China, which had a USB charger with malware on it.

When you plug a USB device into your computer, do the drivers install from that device or is it all from Windows Update? If so, could someone rewrite a driver and hide malware in it? I don't know if the person got a UAC dialog when plugging in the charger.
Title: Re: Pretty nifty way to infect users on a large scale
Post by: 0E 800 on November 19, 2014, 11:10:55 PM
I think it's possible.
The question is, however, why didn't the IT professionals have any log data about where the malware was going? Firewall logs? What did the malware do that was so mal?
There was a data breach, how did they discover the data breach was from the exec if there were no logs of malicious activity on his computer?

The IDS wasn't tripped when data was being sent to China?

They also did not provide any pictures or details about the name of the e-cig.

Wouldn't have been too hard to load it up on a VM and verify it was the charger.

"We have a virus, but how? Oh, it's cloudy outside, it must have come from the cloud."

I call bullshit on the story.

It's not social engineering, it's reading comprehension.
Title: Re: Pretty nifty way to infect users on a large scale
Post by: Xires on November 20, 2014, 04:20:40 AM
@OE 800; have a fucking cookie! Great response and decent questions.