Trojans and Worms in a CyberSecurity Emergency

Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, and not canned answers. As in any emergency your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required.



malware n. (short for malicious software) a piece of executable code that has malicious intent (source: Wikipedia)

trojan n. (short for trojan horse after Greek mythology) malware that masquerades as a useful or routine piece of code (source: Wikipedia)

worm n. (short for computer worm) stand-alone malware that self-replicates over a computer network or using some hardware interface (source: Wikipedia)

rootkit n. malware that hides in the core operating system by installing itself inside normal OS binaries; typically grants system-wide access to the attacker

virus n. (short for computer virus) malware that self-replicates but that must be attached as a hidden part of an existing useful file or useful piece of the operating system (source: Wikipedia)



It is my impression that computer viruses have gone out of vogue. Today, the seemingly most dangerous malware are USB trojans and worms. Sometimes the USB trojans are worms.

Hands down, the most dangerous exploit that I have seen is a rootkit USB trojan and worm that seems to affect every major operating system. My USB backup and backup media work-arounds appear to stop USB trojans in their tracks. I do not know of a detection method for this trojan or an OS patch to prevent auto execution of these trojans.

Please take special care when using USB storage devices. Please make sure to clean your backup files if they are stored on a USB storage device.


Homework

  1. If you have an infected computer, plug a USB storage device into it to capture the USB trojans. Examine the USB drive and identify the code for the trojan(s) that auto executes on mount.
  2. Design a detector for any trojans that you find.
  3. Design a clean boot USB that can scan any unencrypted hard-disk for evidence of rootkits.
  4. Can you design a trojan detector that is provably secure?
  5. Can you find the OS vulnerability that allows USB trojans to auto execute?
  6. Can you repair the OS vulnerabilities to USB trojans?
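As a starting point for homework items 2 and 3, here is an added example (my own code, not the author's and not a detector for the specific trojan described above) of a heuristic scanner for removable media. It walks a mounted volume and flags the artifacts that removable-media malware has historically relied on to get launched: an autorun.inf at the volume root, executables at the root, hidden executables, double-extension names such as photo.jpg.exe, and a shortcut that carries the same name as a sibling folder. The extension lists and the sample volume layout are constructed for this example. Because it runs in user space, a host rootkit can hide files from it; that is why, as item 3 suggests, a scan like this belongs on a clean boot medium rather than on the suspect machine.

```python
"""Heuristic scanner for autorun-style artifacts on a removable volume.

Added example, not code from the original page.  It reports files that
are commonly used to get code executed when a drive is mounted or browsed.
It is a triage aid: a kernel-level rootkit on the scanning host can hide
files from any user-space walk, so run it from a known-clean boot medium.
"""
import hashlib
import os
import stat
import tempfile

# Assumed lists (constructed for this example): extensions that run code
# directly when opened on common desktop operating systems.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".js", ".jse", ".wsf", ".ps1", ".jar", ".sh"}


def sha256_of(path):
    """Hash a file in chunks so large media files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _is_hidden(path, name):
    """Dot-prefixed name (Unix) or hidden attribute (Windows, if available)."""
    if name.startswith("."):
        return True
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def scan_removable_media(root):
    """Return a list of (reason, relative_path, sha256) findings."""
    findings = []
    root = os.path.abspath(root)
    for dirpath, dirnames, filenames in os.walk(root):
        at_root = os.path.abspath(dirpath) == root
        sibling_dirs = {d.lower() for d in dirnames}
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            reasons = []
            if at_root and name.lower() == "autorun.inf":
                reasons.append("autorun_inf")          # classic AutoRun hook
            if ext in EXECUTABLE_EXTS:
                if at_root:
                    reasons.append("root_executable")  # nothing legit lives here
                if _is_hidden(full, name):
                    reasons.append("hidden_executable")
                if os.path.splitext(stem)[1]:          # e.g. vacation.jpg.exe
                    reasons.append("double_extension")
            if ext == ".lnk" and stem.lower() in sibling_dirs:
                reasons.append("shortcut_mimics_folder")  # folder-lookalike lure
            if reasons:
                digest = sha256_of(full)               # hash once per file
                for reason in reasons:
                    findings.append((reason, rel, digest))
    return findings


def summarize(findings):
    """Count findings by reason, for a quick triage overview."""
    counts = {}
    for reason, _, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


def build_sample_volume(root):
    """Lay out a fake USB volume (constructed data, not real malware)."""
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Documents"))
    files = {
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
        "setup.exe": b"MZ placeholder (constructed)",
        "vacation.jpg.exe": b"MZ placeholder (constructed)",
        "Photos.lnk": b"L\x00\x00\x00 placeholder shortcut (constructed)",
        os.path.join("Documents", "report.pdf"): b"%PDF-1.4 benign placeholder",
        os.path.join("Documents", ".hidden_update.exe"): b"MZ placeholder (constructed)",
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)


def run_demo():
    """Build the sample volume in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        return scan_removable_media(tmp)


if __name__ == "__main__":
    for reason, rel, digest in run_demo():
        print(f"{reason:24s} {rel:32s} {digest[:16]}...")
```

On a real drive, call scan_removable_media with the mount point (for example /media/usb or E:\) and keep the hashes: they let you compare what a clean boot medium sees against what the suspect host reports for the same volume, and a file the host cannot see is itself evidence worth recording.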


© 2015-2021 Intrepid Net Computing. All rights reserved.