{"id":3303,"date":"2015-10-16T17:20:37","date_gmt":"2015-10-16T17:20:37","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=3303"},"modified":"2015-10-16T18:18:14","modified_gmt":"2015-10-16T18:18:14","slug":"enter-sandbox-part-10-removable-devices-clickbait-file-names","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2015\/10\/16\/enter-sandbox-part-10-removable-devices-clickbait-file-names\/","title":{"rendered":"Enter Sandbox \u2013 part 10: Removable devices & clickbait file names"},"content":{"rendered":"

Infection of removable drives is an old trick and no point explaining what it is. What is\u00a0interesting\u00a0though is looking at creativity of guys who leverage this infection vector and not the ones that\u00a0exploit the autorun.inf mechanism (yawns!), but\u00a0the one that focuses on social engineering.<\/p>\n

Assuming that a potential victim of ‘removable device infection’ is typically not a very computer savvy individual\u00a0is actually quite\u00a0easy. We all know that\u00a0it’s the guys like these that are a typical pray for malware authors.<\/p>\n

But are they the only ones?<\/p>\n

There is so many things one can do to place clickbaitfiles on the removable drive that the victim will end up clicking. It is stronger than us. Whether a rookie or a pro.\u00a0You have seen it, I have seen it – the guys clicking, clicking… until it works. I have done it too.<\/p>\n

Infection via a removable device is still a perfect social engineering platform and I’d say it is not going away anytime soon.<\/p>\n

Looking at some of the sandboxes samples I have analyzed I created a short list of tricks I have spotted so far (send me more if you know others, and care to share).<\/p>\n