GCN Hot Topics:

• Tech/Products Home
• Authentication/ID Mgt.
• Content/Record Mgt.
• COOP/Telework
• Data Mgt.
• Defense IT
• Enterprise Architecture
• Geospatial
• Hardware
• Homeland Security
• IPv6
• IT Mgt.
• State & Local
• Software Apps.
• Web Strategies
• Workflow/Collaboration

GCN Home > 07/23/07 issue

William Jackson | That’s one way to create demand for a solution

Cybereye | Commentary: A security company should find better way to promote its service than by sending out key drives loaded with malicious code

By William Jackson

Image:

William Jackson

Senforce Technologies announced last month a new version of its Endpoint Security Suite that includes encryption and controls for removable storage devices such as USB thumb drives. It’s no secret that these small, fast, high-capacity drives can be risks, but Senforce has come up with a new trick to drum up a market for the suite.

Shortly before the product announcement, I received in the mail a bright new USB drive from Senforce. Being a sucker for free stuff, I eagerly examined the drive and even read the material. I learned Senforce had thoughtfully loaded the device with malware.

“Once the thumbdrive is inserted into your computer’s USB port, the following harmless, yet very insightful experiment will begin,” I was advised:

• The program on the thumb drive will execute once your operating system recognizes the device.
• The program will immediately identify and download the contents of your My Documents folder to the thumb drive.
• You will not receive any notification or warning that your documents have been identified and downloaded.

Nothing to worry about, I was assured. “No harm will be caused to your data or your computer.” But, I was warned, “it will be your responsibility to monitor or destroy the thumbdrive once it is in your possession.”

Thanks a lot, guys.

The publicity scheme is to raise awareness of a trick called “thumbsucking,” a cute name coined by Senforce to describe the process of using a U3-enabled device — which can carry your software and data — to trick a computer into downloading data. A U3 drive does this by mapping to two-letter drives when inserted into a computer, one of the drives masquerading as a CD drive. When the computer sees this “CD” it uses the AutoRun feature to launch the US3 LaunchPad on the thumb drive. If the thumb drive happens to have a thumbsucking tool loaded on it — and Senforce includes detailed instructions for creating your own tool— data is automatically and secretly downloaded to the device’s second drive. There is no word yet if this technique is actually being used in the wild, but depending on the size of the Senforce mailing list, I doubt that it will be long before it is.

More news on related topics: IT Security, Hardware, Software Applications