Steal Your Friends’ Passwords and Software Licenses!

Oct. 3rd, 2008 By Bill Mullins

I’ll bet that headline got your attention!

We all know that the purpose of computer passwords is to protect the personal information you’ve stored on your computer and in your online accounts.

With access to your passwords, cyber-criminals (they come in all shapes, sizes and flavors, so don’t be fooled) can, and will, steal your identity and, without a doubt, severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.

There are, of course, numerous ways that a password or software license key can be stolen. Popular methods employed by cyber-criminals include, but are not limited to:

Email scams:

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity to start the process of infecting unaware computer users’ machines.

Search engine redirection:

Cyber-crooks are unrelenting in their efforts to poison web search results, seeding malicious websites among the top results returned by search engines. Malware, including password stealers, can be installed on a computer simply by visiting a site.

Drive-by downloads:

Drive-by downloads are not new; they’ve been lurking around for years, it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware, including password stealers, on your computer without your knowledge.

Added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we now have to be careful, and perhaps even suspicious, of our friends, or for that matter anyone, who plugs a USB device, including an MP3 player, into a USB port on our computer.

“USBThief” is a free hacking application, available for download on virtually every torrent download site that I’ve investigated, which can be installed on a USB flash drive, an iPod, or another MP3 player. I haven’t tried to install it on a digital camera, but I suspect that, with some modification, it can be done. Consider how often a friend or family member has connected any one of these peripherals to your machine.

USBThief has been designed and crafted with only one purpose in mind: to steal both the passwords and the software keys on the duped party’s computer.

There is no requirement that the culprit be a seasoned hacker – all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.

After connecting the tweaked USB drive to the victim’s computer and then removing it, the cyber-criminal simply opens the dump folder to view the captured information.

This article is not meant to produce paranoia, or to make you suspicious of either your family or your friends, but to make you aware of the ever-increasing challenges we all face in protecting valuable information in a world that threatens us at every turn, it seems.


28 Comments
2008-10-03 13:24:27
Simon

Nice article Bill :-)

2008-10-03 14:08:06
Bill Mullins

Hey Simon,

Thanks.

2008-10-03 13:29:22

Nice headline! You DID get me with it…
By the way, I just hacked into your gmail account and changed your password. haha just kidding!

2008-10-03 15:11:13
Bill Mullins

Hey Sebastien,

Glad I gotcha. Thanks for the comment.

Good one on the gmail hack. LOL!!

Bill

2008-10-25 15:25:21
2008-10-03 13:44:54
Hentai Kamen

Don’t worry. I’m always suspicious of anyone using my PC. That’s why I constantly do scans on it.

2008-10-03 15:13:55
Bill Mullins

Hey Hentai,

Very cool that you scan your machine constantly - too much security is never enough.

Thanks for the comment.

Bill

2008-10-03 15:57:57
Simon

Why is his name censored? It just means ‘pervert’ in Japanese, no reason to filter ;)

2008-10-03 15:30:53
Herb

So disabling autoplay on XP, while making things a hassle at times, might actually be a good thing!

2008-10-03 15:31:57
Herb

Nice, only proof that Autoplay in XP should be disabled by default!

2008-10-03 16:18:45
Bill Mullins

Hey Herb,

You’re so right! Such a simple thing to increase overall security. Thanks for a great comment.

Bill
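
The AutoPlay setting raised in the comments above can be checked rather than assumed. The following is an added example, not part of the original article or its comments: it decodes the Windows `NoDriveTypeAutoRun` policy value and reports whether AutoRun is blocked for removable drives. It assumes the USB tool depends on AutoRun, which the article itself does not state, and the sample values are constructed.

```python
# Bit flags of NoDriveTypeAutoRun: a set bit DISABLES AutoRun for that type.
DRIVE_TYPES = {
    0x01: "unknown",
    0x04: "removable",   # USB flash drives, MP3 players
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def to_mask(value):
    """The value may be stored as REG_DWORD (int) or REG_BINARY (bytes)."""
    if isinstance(value, (bytes, bytearray)):
        return int.from_bytes(value, "little")
    return int(value)

def autorun_enabled_types(value):
    """Drive types for which AutoRun is still enabled under this policy."""
    mask = to_mask(value)
    return [name for bit, name in DRIVE_TYPES.items() if not mask & bit]

def removable_blocked(value):
    return bool(to_mask(value) & 0x04)

def read_live_policy():
    """Read the value from both hives; Windows only. None means 'not set'."""
    import winreg
    found = {}
    for label, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                        ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                found[label] = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
        except OSError:
            found[label] = None
    return found

if __name__ == "__main__":
    import sys
    # Constructed sample values, used when not running on Windows.
    samples = {"sample 0x91": 0x91, "sample 0xFF": b"\xff\x00\x00\x00"}
    policy = read_live_policy() if sys.platform == "win32" else samples
    for label, value in policy.items():
        if value is None:
            print(f"{label}: NoDriveTypeAutoRun not set (OS default applies)")
        else:
            print(f"{label}: removable AutoRun blocked={removable_blocked(value)}, "
                  f"still enabled for {autorun_enabled_types(value)}")
```

A value of `0xFF` sets every flag, so AutoRun is disabled for all drive types; any value with bit `0x04` clear leaves it enabled for removable media.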

2008-10-03 16:17:05
Zenon

And there’s people wondering why there’s technophobes, this is one of the most ridiculous articles I’ve ever read.

Software automatically downloading to your computer? What browser do you use, netscape 1972?

2008-10-03 16:40:19
Bill Mullins

Hey Zenon,

“Software automatically downloading to your computer?” You bet!

Just some of the vulnerabilities patched in the latest Firefox release.

MFSA 2008-42: Critical

Titled “Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)”–Mozilla says under certain circumstances memory corruption could be exploited to run arbitrary code.

MFSA 2008-41: Critical

Titled “Privilege escalation via XPCnativeWrapper pollution”–Mozilla says this fix includes “a series of vulnerabilities which can pollute XPCNativeWrappers and allow arbitrary code run with chrome privileges.”

MFSA 2008-39: Critical

Titled “Privilege escalation using feed preview page and XSS flaw”–Mozilla says this fixes “a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.”

MFSA 2008-37: Critical

Titled “UTF-8 URL stack buffer overflow”–Mozilla says “a specially crafted UTF-8 URL in a hyperlink…could overflow a stack buffer and allow an attacker to execute arbitrary code.”

MFSA 2008-38: High

Titled “nsXMLDocument::OnChannelRedirect() same-origin violation”–Mozilla says the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed and could be used to execute JavaScript in the context of a different Web site.

MFSA 2008-43: Moderate

Titled “BOM characters stripped from JavaScript before execution”–Mozilla says certain BOM characters are stripped from JavaScript code before it is executed and could lead to code being executed.

MFSA 2008-44: Moderate

Titled “resource: traversal vulnerabilities”–Mozilla says the restrictions imposed on local HTML files could be bypassed using the resource: protocol, allowing an attacker to read information about the system and prompt the victim to save the information in a file.

Absolute security on the Internet does not exist.

Bill

2008-10-03 16:20:48

I wonder how many people out there are now rushing to file sharing networks to look for USB Thief?!

2008-10-03 16:51:22
Bill Mullins

Hey Mark,

Oh, I imagine it will be the same people who search the Internet looking for any application/hack/script that will give them an advantage.

Knowledge is at least a partial antidote to unsecure security practices. Difficult to protect oneself from danger, without knowing what the dangers are.

Bill

2008-10-03 16:44:15
Ben

And the winner for the most ethical article of the year goes to…. Just kidding, great article! My only question is how did you find out about USBThief in the first place?

2008-10-03 17:15:45
Bill Mullins

Hey Ben,

Thanks. So what’s the prize? A week in Las Vegas would be very cool. LOL!!

Since I specialize in system and Internet security, I am a member of a number of informal groups, which continuously monitor the Internet for emerging threats. As well, I am in regular contact with most of the major security providers.

Bill

2008-10-03 23:41:55

Wow, great article! I learned some stuff that I didn’t know. I’m going to keep my eye out for these. Thanks!

2008-10-04 14:08:40

Hey Nick,

Glad you enjoyed it. Thanks.

Bill

2008-10-04 05:31:19
Joe

Anyone know where this program came from?

A lot of quote “hacking” tools have built in back doors. It would be easy for the developer of this program to send all passwords and licenses recovered from USB thief to his own server. That means every time you steal your friends’ passwords for fun, he is getting them too. He could even gather basic network info and essentially root your computer. Next thing you know, you’re part of some spam botnet, or you have malware coming out your ass.

Just some thoughts…

2008-10-04 14:09:59

Hey Joe,

Thanks for the great comment. You’ve raised some interesting points.

Bill

2008-10-04 16:57:19

Excellent point Joe.

My bet is that there’s at least one backdoored version out there, if they all aren’t.

2008-10-04 16:54:22

Thank you for a great article which I sincerely hope will help educate people to the insecurity of today’s Internet.

2008-10-04 18:49:32

Hey Tech Paul,

Thanks for the supportive comment.

Bill

2008-10-06 03:25:03
Darkassain

but who actually runs Firefox alone anymore…
The most Secure way to browse the internet is to use both Firefox with no-script and Adblock-Plus and of getting the latest updates on both products and as for the Usb thief I run Comodo firewall w/Defense+ which is passworded and will block that kind of attack then again if he (meaning the Stealer/hacker in question) is determined enough he will get through. Then I wouldn’t let him touch the computer unsupervised… lol
Just giving everyone an idea of a totally free security setup that will stop 99% of most malware out there… oh using avast in conjunction with Spybot and Ad aware made batch files so they start automatically scanning in the background (ad aware you still have to initiate Scan though)

good article though nice to be informed about the latest “hacker-ware”…lol

2008-10-06 09:46:11

Hey Darkassain,

Just as you say, FF with NoScript and Adblock Plus both running increases security substantially.

Thanks for the comment.

Bill

2008-10-12 13:06:12

If I do not know the email mailer I delete it. But I am sure I have something on my computer now. It acts up, slow to load etc.

2008-10-25 15:28:09

Hey Bill, Sorry for being late with my comment, just to let you know that’s one of the most informative and truly useful security tips I have read in a while. Thank you!
