Hacking Prevention – USB stealer and Zip Bomb


USB Stealer

What is a USB Stealer?

A USB stealer is a custom or normal USB drive that contains software dedicated to locating passwords that have been saved on your computer.

How is a USB Stealer Created?

Before the USB can do anything, you’ll need to install the software onto it, for example MessenPass, Mail PassView, IE PassView, etc. Once all the software is correctly installed, you’ll have to create a .bat file that launches all the software applications upon startup or as soon as you plug the USB in.

How does the USB Stealer work?

A USB Stealer is a very simple concept, so simple that almost anyone can do it. After setting up the software, all you need to do is plug the USB into the victim’s computer and the USB will do its magic. As soon as the USB is plugged into the computer (the computer has to be on), the .bat file automatically starts the software applications. All the software on the USB is specially designed to locate passwords on the computer that are saved as cookies.

How does the software find my passwords?

Whenever you’re on the internet and you log into or create an account on a website or social media site, you get the option to click “remember me”. When you click it, you are telling Google Chrome, Firefox or whatever browser you use to save the password on your computer as a cookie. All the software on the USB is specifically designed to locate these files, take the information and put it all into a text file.

What countermeasures should I take?

Unfortunately there aren’t any proper countermeasures that you can take to prevent someone from stealing your passwords. The only thing that you can do is never click on “remember me” when you log into a website.

Zip Bomb

What is a Zip Bomb?

A Zip Bomb is a malicious archive file designed to crash or render the program or system reading it useless.

How is a Zip Bomb Created?

Creating a zip bomb is a very simple task that only involves typing “0”, copying and pasting. You start off by opening a text file, then spam “0” for a few seconds until you have a ton of 0’s on your page. Select all (CTRL+A), copy (CTRL+C) and paste (CTRL+V). Continue doing this until it starts taking 5 minutes to carry out the paste command. You should have a document that consists of a few GB of 0’s. Now you compress the file and you should be left with a compressed folder that is only a few KB. The last step is to copy this file 16 times, put the copies into another folder, compress the folder and continue doing so 16 times.

How does a Zip Bomb Work?

One of the biggest uses of a zip bomb is to crash an antivirus. It does this simply because the files are so large. The antivirus starts scanning the zipped file, but in order to do so it has to unzip it. The antivirus unzips the files one by one until it finally crashes from running out of memory, because after a few layers it has had to scan almost a TB. A Zip Bomb can be used to hold a Trojan Horse or virus so that when the antivirus crashes it is free to move about on the victim’s computer. Another use for a Zip Bomb is to directly crash someone’s computer: the person downloads the file and tries to unzip it. Since the file is being unzipped from a few KB to a few GB, TB or even PB, the computer will crash because it is incapable of processing that much data.

What countermeasures should be taken?

There isn’t much that you can do to prevent yourself from being Zip Bombed. The only thing that you can do is be careful of what you are downloading and make sure you aren’t unzipping a 2 KB file. Luckily, there are a few antivirus programs that have a fail-safe. This basically means that if the antivirus were to scan a Zip Bomb, it would stop scanning before it runs out of memory, thus preventing itself from crashing.
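
The fail-safe described above, sketched as an added example (not code from this post or from any antivirus product): a scanner-side check that caps compression ratio, nesting depth and total inflated bytes before giving up on an archive. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Limits are assumed values for illustration; tune them per deployment.
MAX_TOTAL = 50 * 1024 * 1024  # total bytes we agree to inflate, all layers
MAX_RATIO = 100               # declared uncompressed/compressed size per member
MAX_DEPTH = 3                 # archives nested inside archives
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an archive exceeds one of the limits."""

def scan_zip(data, depth=0, budget=None):
    """Inspect an in-memory zip; return bytes inflated or raise ArchiveRejected."""
    budget = [MAX_TOTAL] if budget is None else budget  # shared across layers
    if depth > MAX_DEPTH:
        raise ArchiveRejected(f"nested more than {MAX_DEPTH} levels deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap check first: the sizes declared in the archive directory.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: ratio above {MAX_RATIO}:1")
            # Then count real bytes while inflating in bounded chunks.
            blob = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("total size budget exhausted")
                    blob += chunk
            if zipfile.is_zipfile(io.BytesIO(blob)):  # recurse into nested zips
                scan_zip(blob, depth + 1, budget)
    return MAX_TOTAL - budget[0]

def make_zip(members):
    """Build a small zip in memory (constructed sample input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return out.getvalue()

def verdict(data):
    try:
        return f"ok, {scan_zip(data)} bytes inflated"
    except ArchiveRejected as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(verdict(make_zip({"zeros.bin": bytes(1024 * 1024)})))
```

The ratio check alone does not cover the layered case, because each outer layer only holds already-compressed data; the depth limit and the shared byte budget are what stop a scanner from descending through every layer.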
