If you found a mystery USB stick in the street

Status
Not open for further replies.


wilka88 said:
Yes I would, but first of all I would make sure id scan it first for malware and viruses.
Click to expand...
How would you scan for viruses without plugging in the USB stick?

Or is it safe to plug in but not to open files until it’s been scanned? Can a batch file start to execute itself as soon as a device is connected?

Edit yes it can start when plugged in.

https://www.quora.com/How-can-I-exe...ve-by-just-connecting-the-pen-drive-to-the-PC

Edit 2: someone has asked the original question.

Is there any way to safely examine the contents of a USB memory stick?
 
Last edited:
Stevie Freestein II said:
How would you scan for viruses without plugging in the USB stick?

Or is it safe to plug in but not to open files until it’s been scanned? Can a batch file start to execute itself as soon as a device is connected?

Edit yes it can start when plugged in.

https://www.quora.com/How-can-I-exe...ve-by-just-connecting-the-pen-drive-to-the-PC

Edit 2: someone has asked the original question.

Is there any way to safely examine the contents of a USB memory stick?
Click to expand...
you have just answered your own questions :lol:
 
Dave Herbal said:
Would you stick it in your PC to have a nosey? Course you would.

Just had a “security briefing” at work and been told to never do this as they are often left deliberately to spread malware, especially in company car parks.
Gonna make sure I do it at work instead of home in future. Who gives a shit about the company network getting infected?
Click to expand...

When I worked in a bar we found one on a table that had been left by a customer.

The duty supervisor stuck it in the company laptop (despite me warning him about the virus risks) and no word of a lie it was full of pics of the middled aged woman who had been at that table with her husband, legs apart fudding herself with a dildo.

Probably left it there on purpose the dirty pervs.
 
Dave Herbal said:
I download loads of torrents (currently 240 active) and never use any virus protection. Then again it’s a Mac.
Click to expand...
By having no virus protection, you have no way to know if you have a virus or not!
Many modern viruses try very hard not to be noticed! They're not all wannacry-style

wilka88 said:
Yes I would, but first of all I would make sure id scan it first for malware and viruses.
Click to expand...
You can easily inject the virus the second the device is plugged in, before you have the chance to scan it.


I wouldn't touch a "lost" USB stick.
 
Quinninho said:
Aye. I use a VM for this. Isolated from the network.
Click to expand...

Problem here is the vm is using the physical usb port passed through. There are instances where people have managed to get a malicious payload in the actual firmware of the usb stick it actual can infect the host during the negotiation. You actually want a fully sandboxed physical machine too.
 
Dave Herbal said:
:lol: Clients are forever giving me sticks to copy results for them and I just use them without question. What about phones as carriers? Everyone charges their phones off their pcs dont they?

I once found a roll of undeveloped film in the cemetery and paid to have it developed in case it was summat juicy. Turned out to be pictures of some building work.
Click to expand...

i'd have been shit scared about some sceario like the film The Ring kicking off in that scenario
 
MattyM 09/109 said:
Problem here is the vm is using the physical usb port passed through. There are instances where people have managed to get a malicious payload in the actual firmware of the usb stick it actual can infect the host during the negotiation. You actually want a fully sandboxed physical machine too.
Click to expand...
This.
 
PTR said:
By having no virus protection, you have no way to know if you have a virus or not!
Many modern viruses try very hard not to be noticed! They're not all wannacry-style


You can easily inject the virus the second the device is plugged in, before you have the chance to scan it.


I wouldn't touch a "lost" USB stick.
Click to expand...
Sandbox and on a machine that isn't connected to the network.
 
Charmless Man said:
When I worked in a bar we found one on a table that had been left by a customer.

The duty supervisor stuck it in the company laptop (despite me warning him about the virus risks) and no word of a lie it was full of pics of the middled aged woman who had been at that table with her husband, legs apart fudding herself with a dildo.

Probably left it there on purpose the dirty pervs.
Click to expand...
Bet you were pissed off you didn’t check it yourself
 
wilka88 said:
Sandbox and on a machine that isn't connected to the network.
Click to expand...
That is what I was going to post to the 'Ive got linux people'. It is still a risk.

Disconnect from the network, boot with one live linux USB then connect the found USB and take a look.
 
Status
Not open for further replies.

Back
Top