Use your computer fearlessly.

[ Security | Consulting | Research ]


by Brent Kirkpatrick

(Date Published: .)

An exploit that is both USB Trojan and worm can spread rapidly.

A potent combination is a USB Trojan with worm transmission capability. The USB Trojan allows the exploit to hide on USB drives and install itself on any computer that mounts the drive. The worm transmission allows the exploit to spread on a network. This combination is so effective, because, should some network feature block the worm, secondary transmission via USB drive can allow the worm to leap over obstacles. Infection will be more ubiquitous, although potentially slower, than the infection rate of the worm alone.

Suppose that a hacker already released a worm and found that they were unable to infect all the computers that they wanted to access. It is natural for the hacker to manually seed the worm in multiple places. If this manual strategy works, it is reasonable to add the Trojan feature to the worm to automate the manual seeding.

The best way to block a worm's transimission is network defenses. And the best way to block a Trojan is to prevent it from installing. Therefore, it often takes isolating the machine code of a Trojan-worm in order to block its spread and remove it from computers that it has infected.

© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.