SanDisk accused of "Shades of Sony Rootkit"

Carol Haynes:
The following is a summary of an article I read - unfortunately it isn't available without a paid subscription, but I thought it important enough to point out the issue here:

SanDisk Cruzer Micro 4GB flash drives.
Plug in the card reader, and up pops LaunchPad and wants to install Skype and other apps.
Not unusual: Flash cards often come preinstalled with software.
But autoplay is off so how did it launch?

Deleted the files from the Flash drive. Insert the USB drive again - same thing happens.
Reformat the drive and it all happens again.

It is a "smart" Flash drive including U3 technology which emulates a CD-ROM drive (for part of its data area).
Autoplay is enabled by default for CD-ROM drives and you can't delete files from a CD-ROM.

There is an uninstall utility from U3.com to delete U3 technology (but SanDisk hide the fact) that makes the drive into a plain Flash drive again.

Shades of the Sony BMG rootkit!
No evidence to believe that SanDisk installed software, let alone installed a rootkit but I want to install software under control.

Beware of USB devices! If Flash drives can do this then it could be any USB device next!
--- End quote ---

Original article by Ryan Russell in the WindowsSecret Newsletter.

The question left unanswered is what happens when a non-savvy user tries this - I would suspect that a lot of people would simply install Skype etc. if they have never heard of it, assuming it was something to do with their new super duper flash card!!!

mrainey:
I got a kick out of the article he mentioned. A company hired to test the security of a credit union network was able to gain access to password and login info by sprinkling trojan-containing USB flash drives in the parking lot and other employee areas. Seems that the majority of them were soon found and plugged into credit union PCs.

http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1

allen:
I find this a bit saddening; I've been a long time fan of SanDisk's thumb drives and portable MP3 players . . . with gimmicks like that, though, my next USB drive is likely to have a different watermark.

JavaJones:
Wow, seeding trojan-infected USB drives, that's sneaky! The network admins at a credit union ought to have most access ports for that kind of thing blocked of course, but I'm sure there's always a way through...

- Oshyan

f0dder:
Well, limit user accounts to non-admin privileges, use policies to turn autorun off... that should be one step closer. But of course stupid users click PamelaNude.jpg.exe containing a 0day virus/trojan, that's hard to stop.
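
Added example (not part of the thread, and not code from any poster): a small Python audit of the Windows `NoDriveTypeAutoRun` policy mask, showing why a policy that only covers removable drives still lets a CD-ROM-emulating stick like the one described above auto-launch. The sample masks are constructed, and the function names are this example's own.

```python
"""Decode a Windows NoDriveTypeAutoRun policy mask (added example)."""
import sys

# Bit meanings documented by Microsoft for NoDriveTypeAutoRun:
# a SET bit DISABLES AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "removable": 0x04,
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
    "unknown_reserved": 0x80,
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def autorun_enabled_types(mask):
    """Return the drive types for which AutoRun is still enabled."""
    return [name for name, bit in DRIVE_TYPE_BITS.items() if not mask & bit]

def cdrom_emulating_drive_autoruns(mask):
    """True if the policy still permits AutoRun on a CD-ROM volume,
    which is how a stick that emulates a CD-ROM presents its launcher."""
    return not mask & DRIVE_TYPE_BITS["cdrom"]

def read_policy_mask():
    """Read the machine-wide mask; None if unset or not running on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)

if __name__ == "__main__":
    # Constructed sample masks, plus the live value when one is set.
    samples = {"sample 0x95": 0x95, "sample 0xB5": 0xB5, "sample 0xFF": 0xFF}
    live = read_policy_mask()
    if live is not None:
        samples["this machine (HKLM)"] = live
    for label, mask in samples.items():
        print(f"{label}: AutoRun still enabled for {autorun_enabled_types(mask)}; "
              f"CD-ROM-emulating stick may autorun: "
              f"{cdrom_emulating_drive_autoruns(mask)}")
```

A mask of 0x95 turns AutoRun off for removable drives yet leaves the CD-ROM bit clear; 0xFF covers every drive type.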
