Steal Your Friends Passwords and Software Licenses!

Bill Mullins 03-10-2008

Steal Your Friends Passwords and Software Licenses! botnet computers1I’ll bet that headline got your attention!


We all know that the purpose of computer passwords is to protect personal information that you’ve stored on your computer, and in your online accounts.

With access to your passwords, cyber-criminals (they come in all shapes, sizes and flavors – so don’t be fooled), can and will, steal your identity and without a doubt severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.

There are numerous ways of course that a password, or software license key, can be stolen. Popular methods employed by cyber criminals include, but are not limited to:

Email scams:

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity to start the process of infecting unaware computer users’ machines

Search engine redirection:

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.


Drive-by downloads:

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware including password stealers on your computer without your knowledge.

Steal Your Friends Passwords and Software Licenses! stolen passwords 4

Now, added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we now have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players into a USB port on our computer.

“USBThief” is a free hacking application – available for download on virtually every torrent download site that I’ve investigated – which can be installed on a USB flash drive, or even an iPod, or other MP3 player. I haven’t tried to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.


USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.

There is no requirement that the culprit be a seasoned hacker – all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.

After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.

This article is not meant to produce paranoia, or to make you suspicious of either your family, or your friends, but so that you are aware of the ever increasing challenges we all face in protecting valuable information in a world that threatens us, at every turn it seems.


Related topics: Password, USB, USB Drive.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. shokti
    August 1, 2009 at 11:32 am

    And I thought siw.exe is dangerous, since it will get all info in your computer including passwords and licenses.

  2. Aibek
    October 25, 2008 at 3:28 pm

    Hey Bill, Sorry for being late with my comment, just to let that's one of the most informative and tru;y useful security tips I have read in a while. Thank you!

  3. design
    October 12, 2008 at 1:06 pm

    If I do not know the email mailer I delete it. But I am sure I have something on my computer now. It acts up, slow to load etc.

  4. Darkassain
    October 6, 2008 at 3:25 am

    but who actually runs Firefox alone anymore...
    The most Secure way to browse the internet is to use both Firefox with no-script and Adblock-Plus and of getting the latest updates on both products and as for the Usb thief I run Comodo firewall w/Defense+ which is passworded and will block that kind of attack the again if he(meaning the Stealer/hacker in question)is determined enough he will get through. Then I wouldnt let him touch the computer unsupervised... lol
    Just giving everyone an idea of a totally free security setup that will stop 99% of most malware out there... oh using avast in conjunction with Spybot and Ad aware made batch files so they start aromatically scanning in the background (ad aware you still have to initiate Scan though)

    good article though nice to be informed about the latest "hacker-ware"

    • Bill Mullins
      October 6, 2008 at 9:46 am

      Hey Darkassain,

      Just as you say, FF with NoScript and Adblock Plus both running, increases secuity substantially.

      Thanks for the comment.


  5. Tech Paul
    October 4, 2008 at 4:54 pm

    Thank you for a great article which I sincerely hope will help educate people to the insecurity of today's Internet.

    • Bill Mullins
      October 4, 2008 at 6:49 pm

      Hey Tech Paul,

      Thanks for the supportive comment.


  6. Joe
    October 4, 2008 at 5:31 am

    Anyone know where this program came from?

    A lot of quote "hacking" tools have built in back doors. It would be easy for the developer of this program to send all passwords and licenses recovered from USB thief to his own server. That means every time you steal your friends passwords for fun, he is getting them too. He could even gather basic network info and essentially root your computer. Next thing you know, your part of some spam botnet, or you have malware coming out your ass.

    Just some thoughts...

    • Bill Mullins
      October 4, 2008 at 2:09 pm

      Hey Joe,

      Thanks for the great comment. You've raised some interesting points.


    • Tech Paul
      October 4, 2008 at 4:57 pm

      Excellent point Joe.

      My bet is that there's at least one backdoored version out there, if they all aren't.

  7. Nick
    October 3, 2008 at 11:41 pm

    Wow, Great article! I learned some stuff that I didnt know. I'm going to keep my out for these. Thanks!

    • Bill Mullins
      October 4, 2008 at 2:08 pm

      Hey Nick,

      Glad you enjoyed it. Thanks.


  8. Ben
    October 3, 2008 at 4:44 pm

    And the winner for the most ethical article of the year goes to.... Just kidding, great article! My only question is how did you find about USBThief in the first place?

    • Bill Mullins
      October 3, 2008 at 5:15 pm

      Hey Ben,

      Thanks. So what's the prize? A week in Las Vegas would be very cool. LOL!!

      Since I specialize in system and Internet security, I am a member of a number of informal groups, which continuously monitors the Internet for emerging threats. As well, I am in regular contact with most of the major security providers.


  9. Mark O'Neill
    October 3, 2008 at 4:20 pm

    I wonder how many people out there are now rushing to file sharing networks to look for USB Thief?!

    • Bill Mullins
      October 3, 2008 at 4:51 pm

      Hey Mark,

      Oh, I imagine it will be the same people who search the Internet looking for any application/hack/script that will give them an advantage.

      Knowledge, is a least a partial antidote to unsecure security practices. Difficult to protect oneself from danger, without knowing what the dangers are.


  10. Zenon
    October 3, 2008 at 4:17 pm

    And there's people wondering why there's technophobes, this is one of the most rediculous articles I've ever read.

    Software automatically downloading to your computer? What browser do you use, netscape 1972?

    • Bill Mullins
      October 3, 2008 at 4:40 pm

      Hey Zenon,

      "Software automatically downloading to your computer?" You bet!

      Just some of the vulnerabilities patched in the latest FireFox release.

      MFSA 2008-42: Critical

      Titled “Crashes with evidence of memory corruption (rv:”–Mozilla says under certain circumstances memory corruption could be exploited to run arbitrary code.

      MFSA 2008-41: Critical

      Titled “Privilege escalation via XPCnativeWrapper pollution”–Mozilla says this fix includes “a series of vulnerabilities which can pollute XPCNativeWrappers and allow arbitrary code run with chrome privileges.”

      MFSA 2008-39: Critical

      Titled “Privilege escalation using feed preview page and XSS flaw”–Mozilla says this fixes “a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.”

      MFSA 2008-37: Critical

      Titled “UTF-8 URL stack buffer overflow”–Mozilla says “a specially crafted UTF-8 URL in a hyperlink…could overflow a stack buffer and allow an attacker to execute arbitrary code.

      MFSA 2008-38: High

      Titled “nsXMLDocument::OnChannelRedirect() same-origin violation”–Mozilla says the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed and could be used to execute JavaScript in the context of a different Web site.

      MFSA 2008-43: Moderate

      Titled “BOM characters stripped from JavaScript before execution”–Mozilla says certain BOM characters are stripped from JavaScript code before it is executed and could lead to code being executed.

      MFSA 2008-44: Moderate

      Titled “resource: traversal vulnerabilities”–Mozilla says the restrictions imposed on local HTML files could be bypassed using the resource: protocol, allowing an attacker to read information about the system and prompt the victim to save the information in a file.

      Absolute security on the Interent does not exist.


  11. Herb
    October 3, 2008 at 3:31 pm

    Nice, only proof that Autoplay in XP should be disabled by default!

    • Bill Mullins
      October 3, 2008 at 4:18 pm

      Hey Herb,

      You're so right! Such a simply thing to increase overall security. Thanks for a great comment.


  12. Herb
    October 3, 2008 at 3:30 pm

    So disabling autoplay on XP, while making things a hassle at times, might actually be a good thing!

  13. Hentai Kamen
    October 3, 2008 at 1:44 pm

    Don't worry. I'm always suspicious of anyone using my PC. That's why i constantly do scans on it.

    • Bill Mullins
      October 3, 2008 at 3:13 pm

      Hey Hentai,

      Very cool that you scan your machine constantly - too much security is never enough.

      Thanks for the comment.


      • Simon
        October 3, 2008 at 3:57 pm

        Why is his name censored? It just means 'pervert' in Japanese, no reason to filter ;)

  14. Sebastien
    October 3, 2008 at 1:29 pm

    Nice headline! You DID get me with it...
    By the way, I just hacked into your gmail account and changed your password. haha just kidding!

    • Bill Mullins
      October 3, 2008 at 3:11 pm

      Hey Sebastien,

      Glad I gotcha. Thanks for the comment.

      Good one on the gmail hack. LOL!!


    • Aibek
      October 25, 2008 at 3:25 pm


  15. Simon
    October 3, 2008 at 1:24 pm

    Nice article Bill :-)

    • Bill Mullins
      October 3, 2008 at 2:08 pm

      Hey Simon,