E-cigarettes fingered as source of NASTY VIRUS

Not the mouth-hole kind, says IT support bloke


E-cigarettes have been fingered as the source of a new computer virus. "IT guy" Jrockilla told the Talesfromtechsupport forum that he suspects the malware was "hard coded" into the USB charger of his boss's electronic toker.

In his post, he says:

The executive’s system was patched up to date, had anti-virus and up-to-date anti-malware protection. Web logs were scoured and all attempts made to identify the source of the infection were to no avail. Finally, after all traditional means of infection were covered, IT started looking into other possibilities. It finally asked the executive “have there been any changes in your life recently”? The executive answer was, “well yes, I quit smoking two weeks ago and switched to e-cigarettes"...

He added:

...[The] e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.

During the subsequent debate on Reddit, users called for further evidence that the charger was indeed the source, and that hasn’t been forthcoming, but it does point to the danger corporates face with users plugging unauthorised devices into USB ports for charging.

One user suggests that while a memory device will announce itself when plugged in, a keyboard will not, so a malevolent USB device could masquerade as a keyboard and then accept the security prompts which flashed up as the device asked for permissions.

A savvy user would spot this if they were watching but not if they were busy fiddling with an e-cig (essentially a battery-powered vaporizer which has the feel of tobacco, but produces only an aerosol) at the same time.

Naturally, the non-smoking sticks could be charged with a wall charger but IT professionals need to be aware that the threat exists. Again, the thread warns that it might be significant pointing to research by the German researchers SRLabs that USB devices can be made unstoppable.

It has also been suggested that a device is used to limit the USB port, but that is of course moving the trust around. If you really want to investigate what a port is doing, there are devices such as Facedancer which will investigate just that sort of thing.

In the meantime, it might just be easier to quit altogether. ®


Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021