Open Unknown USB Drives/CD-ROMs With A Virtual Machine To Avoid Malware Attacks

The US Department of Homeland Security recently planted several USB drives and CD-ROMs in a government facility parking lot to see how easy it would be to spread viruses, and 60% of workers plugged the drives and CDs into their computers, accidentally executing the malware inside. To avoid the same mistake, you should always open unknown discs and USB drives with a virtual machine.

Photo by Flickr user Viewoftheworld

Curiosity can get the best of us. If you're the kind of person who is dying to know what might be on a found drive, use a virtual machine with no permissions. That way, no matter what lurks on the drive, you can ensure that it won't spread through your system.

Virtualisation simply means running one OS (the "guest") on another OS (the "host"). You can configure your guest OS to allow no permissions so that you can see what data is on the disc/drive without leaving any way for potential malware to harm your system. To learn how to use virtual machines, check out our beginner's guide to creating virtual machines with VirtualBox.
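As an added example (not from the original article or from VirtualBox itself), here is a check that a guest really is cut off from the host before an unknown drive is attached to it. It assumes "no permissions" means no shared folders, no shared clipboard, no drag and drop and no network adapter, and that `VBoxManage showvminfo --machinereadable` emits the key names used below; the VM name `usb-inspect` and both sample outputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit how much of the host a VirtualBox guest can reach.
# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin and
# prints one finding per line. Exit status: 0 = isolated, 1 = findings.
# Key names are assumed from VirtualBox's machine-readable output; confirm
# them against the release you run.
audit_vm_isolation() {
  awk '
    {
      eq = index($0, "=")              # split on the first "=" only
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/"/, "", val)
    }
    key == "clipboard"   && val != "disabled" { print "clipboard shared with host: " val; bad = 1 }
    key == "draganddrop" && val != "disabled" { print "drag and drop enabled: " val; bad = 1 }
    key ~ /^nic[0-9]+$/  && val != "none"     { print key " attached: " val; bad = 1 }
    key ~ /^SharedFolderPathMachineMapping[0-9]+$/ { print "host folder shared: " val; bad = 1 }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample: a guest left at convenient settings.
sample_default='name="usb-inspect"
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/alice/Downloads"'

# Constructed sample: the same guest after being locked down.
sample_locked='name="usb-inspect"
nic1="none"
clipboard="disabled"
draganddrop="disabled"'

# Live use: VBoxManage showvminfo "usb-inspect" --machinereadable | audit_vm_isolation
printf '%s\n' "$sample_default" | audit_vm_isolation || echo "=> not isolated"
printf '%s\n' "$sample_locked"  | audit_vm_isolation && echo "=> isolated"
```

The check covers only the guest's configuration; it says nothing about how the host itself reacts when the drive is first plugged in.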

Human Errors Fuel Hacking as Test Shows Nothing Stops Idiocy [Bloomberg via TNW]


Comments

    And if your host is configured to auto-run connected devices, you're still potentially opening up your host for infection.

    Virtualisation is great, but I wouldn't be recommending it as a means to investigate unknown USBs/CDs. With Virtualisation you're still relying on the controls of the host to prevent the potential malware being executed - if your host is a production and/or Windows box, that's not something you want to have to test.

    Perhaps, instead of taking the risk, try booting a Linux LiveCD and using that to analyse the contents of the USB. It's not going to auto-run the code (in most cases, unless it's targeted at Linux malicious code won't run at ALL) and anything memory resident gets dropped as soon as you close the LiveCD instance.

    A Linux live CD would also be easier to organise, as it's easier to simply run a CD at boot time rather than setting up VirtualBox/VMWare and installing a guest operating system.

    I agree with Rawr, auto execution on the host is still a risk - better to run on an isolated box designed for the purpose...

    or you could open it up on someone else's computer :D library, net cafe, communal work pc for example haha

    If you turn off autorun and use sandboxie then you can check drives and files pretty easily.

    Your link to the beginner’s guide to creating virtual machines with VirtualBox just points back to this article.

      Damn mangled quote marks! Thanks for the spot, fixed now.

    Opening thumbdrives/cds you just 'find' is a terrible idea from a security standpoint - but everybody still does it, as per some recent security audits:
    http://thenextweb.com/industry/2011/06/28/us-govt-plant-usb-sticks-in-security-study-60-of-subjects-take-the-bait/
    Closer to home: http://www.audit.wa.gov.au/reports/pdfreports/report2011_04.pdf

    The gist of them is that the majority of people won't just plug it in, but will run an exe on the drive as long as it's labelled something innocent.

    Most lifehacker readers know enough to disable autorun and avoid suspicious executable files, but if you really want to play it safe a livecd would be better than a VM.

    I'm a big fan of old macs, the powerpc ones. They're great for surfing the net, and have less virus problems (haven't heard of any viruses people have had on these old machines).

    But I have had my big share of viruses/malware on other machines. I suppose the new intel macs get viruses, just wondering out loud if an old mac would be as good or better for this type of "virus-defusal" like for found thumb drives.

    "We need to call in the apple squad :)"

    Stephen
