Analysis of an APT attack USB flash drive Virus

Virus symptoms:

A USB flash drive is specially designed. After being inserted, you do not need to enable it. You do not need to disable automatic playback. the root directory of the USB flash drive does not contain the autorun. inf file. There is a DLL file with virus. After the udisk format is completed, if an EXE file (mj0011.exe) and a DLL file are contained in it, you only need to insert the file into your computer.

Find another USB flash drive, put the above two files into it, and insert the files to the system without any response;

Replace the exe file with a calculator. When you insert it into your computer, the calculator runs automatically;

Result: usb hid attack

Additional additional reading:

With the USB keyboard, USB mouse, and other human-computer interaction device (HID) interface descriptor attached, the USB printer is inserted into the USB interface, in addition to identifying the USB printer, an additional keyboard, mouse, and other input devices are identified. If you use a custom USB firmware for Automatic Input and simulate user input to operate the computer, it is impossible to format the hard disk.

 

Someone will be able to easily implement it through Kautilya and Teensy ++ (tennpsy2)

Http://j00ru.vexillium.org /? P = 1272

Http://www.nsfocus.net/vulndb/8050

Http://technet.microsoft.com/zh-cn/security/bulletin/ms13-027

A ntfs vulnerability is exploited by a low-permission account user to obtain a high-Permission shell with usb insertion.