USBThief – Making it Easy for Cyber Criminal Wannabes

image With access to your passwords, cyber-criminals (they come in all shapes, sizes and flavors – so don’t be fooled), can and will, steal your identity and without a doubt severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.

There are numerous ways of course that a password can be stolen. Popular methods employed by cyber criminals include, but are not limited to:

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity to start the process of infecting unaware computer users’ machines

Search engine redirection: Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware including password stealers on your computer without your knowledge.

Added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we now have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players, such as a iPod, into a USB port on our computer.

image

USBThief is a free hacking application – available for download on virtually every torrent download site that I investigated – which can be installed on a USB flash drive, or even an iPod, or other MP3 player.

I haven’t tried (yet), to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.

image USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.

There is no requirement that the culprit is a seasoned hacker – all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.

After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.

Learning to use this application is an absolute “no brainer” – there are multiple sites on the Internet offering tutorials (including video tutorials), in the use of  USBThief.

Here’s a little blurb from a hacking site:

1.Insert the USB in your victim’s computer.

2.View folder “dump” to see the passwords. It also makes a second dump folder in the batexe folder. Tested and Working perfectly!

I have not written this article to produce paranoia, or to make you suspicious of either your family, or your friends, but so that you are aware of the ever increasing challenges we all face in protecting valuable information in a world that threatens us, at every turn it seems.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Bill's Rants, cybercrime, Don't Get Scammed, Don't Get Hacked, flash drive, Geek Software and Tools, Malware Advisories, Privacy, Spyware - Adware Protection, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

10 responses to “USBThief – Making it Easy for Cyber Criminal Wannabes

  1. 1101doc

    Tested. It still requires that the autorun.inf file be active. By default, XP Pro offers a choice of function after insertion, and autorun can easily be disabled for USB.

    However, it points out the primary issue: Never allow anyone to use your computer.

    If you simply must allow an “alien” USB device to be connected to your computer, do it yourself, and only after taking precautions.

    • Bill Mullins

      Hey doc,

      Point taken. But the issue is broader than that. Most users, despite advice to the contrary, do not disable autorun.inf. Even if they have, a simple Mouse click is all that is required.

      Since available statistics indicate, identity theft is much more likely to be committed by a friend or a relative than by an Internet cyber criminal, your last two points are particularly relevant. Thank you for making these points clear.

      *Readers should take note of doc’s comment.*

      Bill

      Bill

  2. Mal

    Hey Bill,

    I guess the lesson here is, don’t let anyone else use your computer. I don’t.

    Cheers

    • Bill Mullins

      Hey Mal,

      I think that’s the safest course.

      As I pointed out to doc, the previous commentor – “available statistics indicate, identity theft is much more likely to be committed by a friend or a relative than by an Internet cyber criminal”, That comes as a shock to many people, but it shouldn’t – *access* is the key.

      Bill

  3. Liam O" Moulain

    Bill,

    It seems harsh to be wary of friends and relatives having access to your PC, but I’ve seen the same stats you are talking about.

    Better safe than sorry, I say.

    Liam

    • Bill Mullins

      Liam,

      I don’t know anyone who would simply hand the keys to their Safe Deposit Box to a friend or relative. Yet, most people don’t hesitate when it comes to allowing access to their PC, despite the fact it, may contain highly valuable and confidential information.

      I’m not one of them.

      Bill

  4. Mal

    Hey Bill,

    I’m a bit shocked at those statistics regarding friends or relatives being more likely to steal information. But on thinking about it, it makes sense, as it’s much easier to get info from somebody’s computer if you have physical access to it. Sad, but true.

    Cheers

    • Bill Mullins

      Hey Mal,

      Just to be clear – these stats cover all instances of friend/relative identity theft, including such things as stealing cheque books, credit cards, other forms of identification, and so on.

      Bill

  5. dar

    re: with friends like this,who needs enemies
    -many moons ago, a customer told a tale of his house warming party…a while later,his home was robbed…
    “I’ve never had my buddies over again.”

    • Bill Mullins

      Hey Dar,

      I’ve heard stories like that but worse, I’ve experienced it. Had some guys over to watch the game last year (some were friends of friends), next day, my watch which I’d left on my desk had vanished. Makes you wonder about people.

      Bill