Do you think this is a sketchy?

c hris527 · Aug 25, 2024

A Customer of mine, Actually a Government entity informed me of a Amazon Delivery they received last week, After unboxing the items they looked at the bottom of the box and saw a extra item, it at first it looked like a credit card or business card.
After they looked at it, turns out its a card with a flip up thumb drive. Who does not love puppies...Eh ? I will get my hands on it this week and get the skinny on this. has anyone else out there run across anything like this before? Considering It is a Amazon
Government account, my bells are going off. They knew not to mess with it because I do the Cyber security training but I will say the ladies were VERY tempted. what does everybody think. Is it a Computer killer by short circuit? Does it have a payload?
Or is it a nice greeting from the seller? Who knows :wow:

Edit After looking at the drive, I do not think its a USB Killer, unless they are using super small IC Components.

samplenhold · Aug 25, 2024

It has a payload for sure. Plug that into an USB outlet on your laptop and you will find out. I doubt it is a 'killer', more of a trojan.

Mike A. · Monday at 12:50 AM

No way in hell I'm plugging that into anything but a wipeable completely sandboxed system. lol Curious to hear what you find. I do kind of remember people getting thumb drives or some piece of equipment sent to them blindly a while back.

ETA: Search "unexpected deliveries of thumb drive" and you'll see some things. This one was particularly interesting:

ilfri3
•2 yr. ago

JUST had this happen to me! I ordered a computer through amazon but my usb is disguised as a credit card with a picture of puppies in a basket on it? I have messaged the seller and am waiting for a response

No more info than that unfortunately.

elvisimprsntr · Monday at 5:26 AM

Reportedly, that's how Stuxnet was introduced.

Tech savvy adults may have enough common sense not to insert it into a computer, but kids may be easily tempted.

Nasty Roblox bug could wreck kids' PCs and send their data to hackers — how it works

It isn't all fun and games on Roblox

www.laptopmag.com

c hris527 · Monday at 9:33 AM

Mike A. said:
No way in hell I'm plugging that into anything but a wipeable completely sandboxed system. lol Curious to hear what you find. I do kind of remember people getting thumb drives or some piece of equipment sent to them blindly a while back.

ETA: Search "unexpected deliveries of thumb drive" and you'll see some things. This one was particularly interesting:

No more info than that unfortunately.

I knew If i got this info out here somebody would know or have knowledge of something Similar, yes they ordered a laptop. I have a special VM machine i will test it on when I get my hands on it, should be later in the week. They knew it was going to a Government Entity also.

c hris527 · Monday at 9:36 AM

samplenhold said:
It has a payload for sure. Plug that into an USB outlet on your laptop and you will find out. I doubt it is a 'killer', more of a trojan.

Yup, This is how they do it. If it has a payload, I have some options with the seller, Amazon and higher Authorities.

alastairstevenson · Monday at 10:49 AM

c hris527 said:
Yup, This is how they do it. If it has a payload, I have some options with the seller, Amazon and higher Authorities.

And maybe chuck it at VirusTotal out of curiosity if you feel you have a safe way to just handle it as a file.

alastairstevenson · Monday at 10:55 AM

elvisimprsntr said:
Reportedly, that's how Stuxnet was introduced.

Yes, that was a brilliant infiltration with brilliant consequences.
And dropping a few memory sticks in an organisation's car park used to be one of the steps to evaluate a company's IT security effectiveness by seeing how many phoned home.

c hris527 · Monday at 3:54 PM

So I was able to get my hands on it, gave it a look on the sandbox, No files looks clean except 256k of used something(I think that's to be expected) did not see any hidden files, no change to anything. However Won't be using it for anything.

looney2ns · Monday at 6:15 PM

Me thinks I would take a sledgehammer to it.

samplenhold · Tuesday at 12:49 AM

many years ago, when USB drives were quite pricey, people would 'repurpose' ones that vendors would give folks (like at conventions) with software or different conversion tables (think CRC math tables) on it. Some would then delete everything on it and use it for their own storage. I know of a couple of people that picked up several that were laying on tables in the snack area. When they plugged it into their home machine, it installed a trojan and they never got control of the pc back.

When I was working in Nigeria, the company had rules about not EVER plugging in a USB drive to any company computer unless it physically came from our IT department after being scanned by them. But some of the locals would fully disregard this. One case in point was a new hire that on her first day after orientation (where she had to sign a form telling about the USB policy), she plugged in one that a 'friend' had given her with music on it that she wanted to play while she worked. It immediately loaded a payload that took over her machine. She was in a cube outside my office, and I heard her yell and I went to see what was up. I pulled the network cable out to stop it from jumping to the LAN. When IT took a look they said if it had been allowed to finish it would have taken down our entire LAN. This led to every PC in our office having the USB ports turned off. It also led to her dismissal.

Flintstone61 · Tuesday at 4:02 AM

I see some of my Dell corporate computers are still retaining the PS/2 mouse and keyboard ports. Additionally with a BIOS that can be administered to disallow user level folks from using the USB ports.
Probably thanks to stuff like Stuxnet.
It sure seems fishy.
I often wonder if some of these these USB thumb drives are phoning home, with all their preloaded " helpful User assistance" type files.

The Automation Guy · Tuesday at 9:41 AM

elvisimprsntr said:
Tech savvy adults may have enough common sense not to insert it into a computer, but kids may be easily tempted.

You are right about savvy tech people knowing not to insert stuff (adults or not), but you would be amazed at how "un tech savvy" most people are. 65% of the population out there is going to say, "ahhhh, cute puppies" and insert this USB drive into their computer. It's not just kids......

CCTVCam · Wednesday at 3:15 AM

256K could be file allocation firmware, or it could be something concealed such as a root kit. Personally, I'd contact Amazon and ask them about the "gift". Either way, I wouldn't use it. Maybe one of the Govt bodies might like to make a check as it's in their interests to know what is being sent out to their entities. They'd probably appreciate a vigilent service agent, albeit if you have bosses, check with them 1st. However, as it wasn't sent to you but to the Govt contractor, it's not you that solcitied the goods that came with it.

c hris527 · Wednesday at 11:31 AM

CCTVCam said:
256K could be file allocation firmware, or it could be something concealed such as a root kit. Personally, I'd contact Amazon and ask them about the "gift". Either way, I wouldn't use it. Maybe one of the Govt bodies might like to make a check as it's in their interests to know what is being sent out to their entities. They'd probably appreciate a vigilent service agent, albeit if you have bosses, check with them 1st. However, as it wasn't sent to you but to the Govt contractor, it's not you that solcitied the goods that came with it.

I'm pretty much done with it, The Agency I contract for does not care at this point either( we all know Gov agency's) I have a friend who works at a rather large engineering University locally
and their Cyber security lab is awesome, he said he will run it through when I see him again. At this point I still think its clean but who knows Eh.

tangent · Wednesday at 1:58 PM

c hris527 said:
So I was able to get my hands on it, gave it a look on the sandbox, No files looks clean except 256k of used something(I think that's to be expected) did not see any hidden files, no change to anything. However Won't be using it for anything.

It may be nothing.

Some of you are aware of this, but a USB device can potentially appear to the computer as multiple devices like a keyboard and a flash drive (see usb rubber ducky as an example). It could even be programmed to only do that after it's been plugged in for some period of time.
For example it could type win-r, malware.com/somepayload.exe, enter, alt-y to the UAC prompt. Or it could hammer out a more complex series of local commands / access a hidden partition of a flash drive.

This type of stuff can even be embedded in a cable (would present to pc as usb hub).

Search

Do you think this is a sketchy?

c hris527

Known around here

samplenhold

Mike A.

Known around here

elvisimprsntr

Pulling my weight

Nasty Roblox bug could wreck kids' PCs and send their data to hackers — how it works

c hris527

Known around here

c hris527

Known around here

alastairstevenson

alastairstevenson

c hris527

Known around here

looney2ns

samplenhold

Flintstone61

Known around here

The Automation Guy

Known around here

CCTVCam

Known around here

c hris527

Known around here

tangent