Feeds

Chemical giant foils infected USB stick espionage bid

Malware-laden drive falls into the right hands

Top 5 reasons to deploy VMware with Tegile

An attempt to infiltrate the corporate systems of Dutch chemical giant DSM by leaving malware-riddled USB sticks in the corporation's car park has failed.

Instead of plugging the discarded drives into a workstation, which would have infected the machine, the worker who first found one of the devices handed it in to DSM's IT department.

Sysadmins subsequently found an unspecified password-stealing keylogger, according to local reports by Elsevier.nl (Google translation here).

The spyware was designed to upload stolen usernames and passwords to a server under the control of hackers. This site was blocked by DSM's sysadmins, effectively thwarting the password-snatching object of the attack, so the company would be protected even should any other workers find and use the infected USB sticks on corporate laptops.

It's unclear who was behind the plan, but regular cybercriminals or industrial spies are two strong possibilities. It's even possible the infected keystroke logger was planted there by a firm hired to test DSM's cyber-defences, which on the basis of this case are better than those of many other firms.

Using infected USB sticks as a method of smuggling malware into firms has become a regular occurrence over recent years, security researchers note, especially since they featured as the presumed delivery mechanism of the infamous Stuxnet worm. Penetration testers might regard the ruse as too easy, akin to shooting fish in a barrel, a blog post by net security firm Sophos comments. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?