Can USB Drives Carry Malware?

USB drive USB Drives are so popular these days nobody thinks much about them anymore. They come in all sizes (up to 128GB these days) and don’t really cost that much. They’re cheap enough that some people give them away.

mp3 playerSo can they spread malware such as viruses? Yes, they certainly can. On many Windows computers, when you plug in a USB drive it does a quick search and it can run programs installed on them. Microsoft calls this a feature.

But malware authors (bad hackers) know all about this and they write malware that runs as soon as the device is plugged into a computer. You won’t know it’s happened, malware can install itself quietly in the background without getting in the way of your work.

So what do you do about it?

What else can plug into your USB port and carry malware?

camera And if you’re thinking how can malware get onto a camera, I’ve seen it myself. A friend took their camera to the local shop to print some photos, then lent me the camera so I could help them with something, I detected a virus that installed itself on it from the shop.Yes, it really happens. Take care with USB devices.

June 24, 2009 | Filed Under General, Malware | 1 Comment 

Backups

One of the best things you can do to protect your PC is to perform regular backups. Nightly backups are best – that’s how almost all business operate (some businesses go one step further and do backups every hour!). But for home use this is a bit of a burden, so you should be doing weekly backups, at least.

external drive There are so many ways these days to do a backup. Some common methods are:

  • Internet backups – there are now many backup systems that store your files somewhere on the internet. The idea is that if everything in your home disappears (e.g. by theft or fire), your data is somewhere on the internet and you can restore it when you have a new PC. These are great for many people. E.g. http://mozy.com

    • Having a good backup is extremely important. There are so many things that can go wrong with computers, from hard drive crashes, theft, to malware that takes your files hostage. Having a backup is common sense, it’s a cheap simple insurance against all the things that can go wrong.

    You should also have more than one backup. Using external drives is a good option these days, they’re affordable, and you can keep one at a friend or relative’s house as added insurance.

    How not to do backups:

    So how do you do backups? Post your comments below. We’re also running a poll on backups.

    June 17, 2009 | Filed Under Backups, General | 1 Comment 

    Polls

    I’m trying something new here, polls. I’ll move it to the sidebar later, for now here’s our first poll!

    June 16, 2009 | Filed Under Admin, General | Leave a Comment 

    Can Twittering Help Thieves?

    luggage stuffed with money A business owner in USA had been twittering about his upcoming holiday, and provided further updates when they’d left home for their holiday. Then their home was burgled. Was is chance or did someone know the house would be empty via Twitter?

    It’s not possible to know but it certainly raises awareness about how safe it is to tell strangers about your travel plans. And this doesn’t just apply to Twitter, but to any social site where you’re giving personal information to strangers.

    Read the full article here.

    June 16, 2009 | Filed Under General, Privacy | Leave a Comment 

    Wireless Keyboards

    keyboard green Would you be comfortable knowing that people can “listen in” to your wireless keyboard and watch what you type? It would be a great way to capture passwords, and that’s not a good thing.

    I’ve written about how vulnerable wireless keyboards are. It used to take a lot of skill to hack into a wireless keyboard but now someone’s made it so much simpler. Here are instructions on how to build a wireless keyboard hacking device, complete with the software necessary. This model only works with 27MHz keyboards, which are the older and cheaper kind. It’s quite easy to build this device and to use it.

    With a good enough aerial these type of hacks could be done from your neighbouring unit, house, office, or probably from a vehicle parked outside. You won’t know your wireless keyboard’s been hacked.

    More modern and expensive keyboards can also be hacked, even those that have stickers on them saying how secure they are. But they take a bit more effort and skill.

    I don’t believe in using wireless keyboards, they’re not secure. If you’re using one, it only costs $10 or so to upgrade to a wired one.

    June 12, 2009 | Filed Under General, Security | Leave a Comment 

    Change Your Password Day

    e-security Today is “Change Your Password Day” in Australia, an idea by National E-security Awareness week.

    Whether you live in Australia or anywhere else in the world, changing your password is always a good idea. Below are some do’s and don’ts for passwords:

     

    To help you work out if your password is good you could try using a password meter. Click here for more information.

    And you can use a password safe to keep track of all your complicated passwords. Click here for more information on password safes.

    What are your suggestions for choosing strong passwords? Add your comments below and I’ll put them all together in a new article dedicated to choosing good passwords.

    June 5, 2009 | Filed Under General | 2 Comments 

    Web Sites That Ask For Your Other Passwords

    Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.

    mystery cubeOften these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too only on a grander scale.

    It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:

    You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.

    So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.

    I’d like to thank our regular reader Nick for bringing this issue up.

    June 2, 2009 | Filed Under General, Privacy, Security, Software | Leave a Comment 

    Twitter Phishing: #twitterpornnames

    Twitter is the biggest internet craze since Facebook, there are currently an estimated 6 million people using it.

    A few days ago Twitter users were asked to take part in a “game” called #twitterpornnames. How does it work? You’re supposed to announce a made-up name along with the hash tag and share it. The formula provided to create your name just happens to match some very common security questions to help people reset their passwords. Pet’s name. First teacher. Street you grew up on.

    So when people started participating they were in fact sharing the same information used by web sites to reset passwords. It’s called social engineering. It tricked people into revealing sensitive information. And the nature of Twitter is that people share information and click on links without much thought (is this a Gen-Y thing?)

    If you use Twitter and see these sort of “games” going around, don’t share private sensitive data so easily. This same data can be used to hack into your accounts.

    May 13, 2009 | Filed Under General, Identity Theft | Leave a Comment 

    Can Malware Damage Your PC?

    We all know that malware can steal your passwords, cause you to lose money, and spread itself to other PCs. But can malware actually cause damage to your PC?

    The short answer is yes.

    A botnet is a collection of infected PCs under a hacker’s control. There are millions of PCs today forming these botnets (millions of infected home computers being controlled by hackers). Some new research on botnets shows that they sometimes include code to completely disable the PC.

    In April 2009 a malicious hacker decided to “kill” the PCs he was controlling using a botnet. It disabled Windows on 100,000 computers, making all those PCs useless until a technician can repair it. (This is a slight simplification but for the general public it’s accurate enough). These 100,000 computers belonged to real people using their computers at home or at the office. One day it just stopped working because a malicious hacker thought it’d be fun. You can read more detailed information about this here.

    And then there are other malware (viruses etc) that can damage the PC in more serious ways. In March 2009 researches created a sample malware that writes itself to the computer’s BIOS (the BIOS is inside a chip inside the PC) . Reformatting the PC won’t remove it, buying a new hard drive won’t remove it either, and they claim that even a “BIOS flash” won’t remove it. You’d have to buy a new PC (or if you’re technical, a new motherboard) to fix it. More info here.

    In the past there have been viruses that could damage drives and monitors but there’s been very little of this lately.

    So overall malware can cause your PC to visit a repair shop for servicing, which is not only an inconvenience but also costly. It’s always better to prevent malware than to repair the damage (and often you may not know a PC is infected). And the usual tips apply here:

    May 13, 2009 | Filed Under General, Malware | Leave a Comment 

    ← Previous PageNext Page →