USBs are a very popular medium of the spreading of malware and different kinds of virus. Many malware authors tend to rely on this medium because security in many computers is quite strong and it is difficult to sneak into such computers. USBs, on the other hand, are a convenient way of sneaking into such computers and wrecking havoc.
Now, a new project has been unveiled by Honeynet Project which aims to detect and capture the malware by emulating a fake USB, so that the malware would be tricked into thinking it as the real USB and would then try to sneak on to it.
Honeynet Project is a non-profit security research organization. The chief task of this organization is to discern different malware on the web and capture and analyze them.
This latest project ‘Ghost’ from Honeynet Project is the brainchild of a German student who first unveiled the idea at Honeynet Project conference. According to Sebastian Peoplau, who was the said student, USB drives are a very popular mode of spreading a malware in such a system where security of the computers themselves is quite tight.
Ghostdrive is a virtual USB drive. It is implemented using a kernel mode driver in Windows which uses Windows at the disk class driver level. To make the malware believe that this virtual USB has been ‘plugged in’ a virtual bus driver is used to register the virtual driver. In this way, if there is a malware on the computer, it immediately tries to copy itself onto this virtual USB which then stores all its information on a binary image file.
This project can have huge implications in that it can equip the companies with a very effective tool to successfully thwart the security risks posed by the use of USBs within an organization.
Source: Ghost USB HoneyPot