A powerful new data-stealing Trojan is being spotted on USB devices everywhere. This widely available malware is tied to the particular USB device on which it is installed and leaves no evidence on the compromised system. Known as the “USB Thief”, it uses a special mechanism to protect itself from being reproduced or copied, making it even harder for standard anti-virus solutions to detect.
USB Thief depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, Notepad++ and TrueCrypt on USB drives. It takes advantage of this practice by inserting itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL). Whenever such an application is executed, the malware also runs in the background.
However, what really makes this malware unique is its self-protection mechanism. The malware consists of six files: four executables and two configuration files. To protect itself from reverse engineering, the malware uses AES-128 encryption on its files, and the file names are generated from cryptographic elements. The AES encryption key is generated from the USB device ID and particular disk properties of the host USB device, which ensures that the malware can only run from that particular USB device.
But for USB Thief to work, the computer must be able to write to the USB device, which is where the malware stashes the stolen data. It checks whether the device is writable, and if it is read-only, it aborts.
Third Wall is designed to stop data theft, and stops the USB Thief cold. Just activate the “Disable Write to USB” policy on your Third Wall Location tab, and you just made the USB Thief irrelevant. Done, simple, fast. And with Third Wall’s continuous policy monitoring, the “Disable Write to USB” setting will be watched closely for every one of those computers, ensuring they don’t become vulnerable later.
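To verify independently that a Windows host really is refusing writes to USB storage, the following added example (not Third Wall's code, and not a description of how Third Wall implements its policy) audits Windows' own built-in write-block settings. It assumes the standard `StorageDevicePolicies\WriteProtect` value and the Group Policy `Deny_Write` value for the removable-disk device class; the function name `Get-UsbWritePolicy` is hypothetical.

```powershell
# Added example: audit whether Windows' built-in policies block writes to USB storage.
# Assumption: these are the OS-level settings; a management tool may enforce the
# same outcome by other means, in which case both rows will show "not configured".
function Get-UsbWritePolicy {
    $checks = @(
        @{ Name  = 'StorageDevicePolicies WriteProtect'
           Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
           Value = 'WriteProtect' },
        @{ Name  = 'Group Policy Removable Disks Deny_Write'
           Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
           Value = 'Deny_Write' }
    )
    foreach ($c in $checks) {
        # A missing key or value means the policy is not configured (writes allowed).
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $raw  = if ($item) { $item.($c.Value) } else { $null }
        [pscustomobject]@{
            Policy      = $c.Name
            Configured  = ($null -ne $raw)
            BlocksWrite = ($raw -eq 1)
        }
    }
}

$policy = Get-UsbWritePolicy
$policy | Format-Table -AutoSize

if (-not ($policy | Where-Object BlocksWrite)) {
    Write-Warning 'No built-in Windows policy is blocking writes to USB storage on this host.'
    # List USB disks currently attached. IsReadOnly is the per-disk attribute,
    # which is separate from the registry policies checked above.
    Get-Disk | Where-Object BusType -eq 'USB' |
        Select-Object Number, FriendlyName, SerialNumber, IsReadOnly
}
```

Run it from an elevated PowerShell session; a host that reports no blocking policy and lists writable USB disks is one where malware of this kind would pass its writability check.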
Malware like USB Thief is becoming increasingly prevalent, bringing the need for security against USB-borne attacks to center stage.
So whether it is malware, a careless employee, or an employee intentionally stealing sensitive data, Third Wall is there to protect, even when antivirus software misses the threat.
Disabling Write to USB is just one of the many great features the Third Wall plugin brings to your LabTech client. So what are you waiting for? Download your free 30-day trial of Third Wall now (http://www.third-wall.com/requestatrial2) and protect your clients’ data!