bag-de-body Posted April 15, 2010 Share Posted April 15, 2010 Hmmm... so I'm thinking, how do I defend myself against this thing? Our PCs are fairly locked down - so you wouldn't (for example) be able to use Start>Run as a normal user. Physical security: Don't plug in unknown USB sticks when you're an administrator - common sense really - and naturally enough don't leave your machine physically accessible to third parties anyway. You might be able to detect this on the basis of the speed of typing - even if we assume a really fast typist, there's probably some sort of clue with respect to regularity of the keystrokes. I suppose you could pretend to be a memory stick as well as a HID? We're used to occasionally seeing the "Windows has detected new hardware" message, and most of us will plug in a memory stick without really thinking. (Usually because we think our virus checker will protect us.) Assuming that you did go the Start>Run route, then you could deliver your payload while their back is turned with a wireless click - so they wouldn't see the momentary flash of the dialog on screen. You could even disguise it when they're browsing the net - they'd probably think it was a pop-up. The key thing is to know it's out there, so you're better prepared. That said, if you've physical access, wouldn't it be better to sit as a keylogger in between - perhaps disguised as a USB hub? You'd be more likely to go unnoticed, as you're being passive, not active? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.