LinuxQuestions.org


Mr. Alex 05-12-2014 02:35 PM

Finding Windows malware on thumb drives in Linux
 
Hi all! If I connect some USB thumb drive to a Windows machine and there is malware which copies itself to this thumb drive automatically and hides itself from Windows browsing, will I be able to see the file of infection if I connect this drive to a Linux machine and browse files? So that I can take a look at the contents of a thumb drive in Linux and say "There are no Windows viruses for sure; safe to use in Windows".

bigrigdriver 05-12-2014 03:21 PM

If you have antivirus installed on your Linux machine (such as clamav, avast, or others), you can plug in the thumb drive and mount it. Then run the scan app to scan the thumb drive for malware.

jefro 05-12-2014 06:21 PM

Make a folder called autorun.inf

lleb 05-12-2014 08:04 PM

Quote:

Originally Posted by Mr. Alex (Post 5169514)
Hi all! If I connect some USB thumb drive to a Windows machine and there is malware which copies itself to this thumb drive automatically and hides itself from Windows browsing, will I be able to see the file of infection if I connect this drive to a Linux machine and browse files? So that I can take a look at the contents of a thumb drive in Linux and say "There are no Windows viruses for sure; safe to use in Windows".

Maybe. As good as ClamAV and f-prot are for Linux, they are falling behind in detecting much of the MS junk that is out there. But if the file is hidden from MS, it should be visible with a simple
Code:

ls -laF
command.
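
As an added example (not part of any post in this thread): a triage pass that goes one step beyond the `ls -laF` listing above, flagging `autorun.inf` files, Windows-launchable extensions, and files whose first two bytes are the `MZ` executable header regardless of extension. It assumes the drive is already mounted at the path you pass in; `triage_drive`, `make_sample_drive`, the reason labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper: flag files on a mounted thumb drive that merit a closer look.
# Prints "REASON<TAB>relative/path". Heuristic triage only: an empty result
# does not show the drive is clean (payloads inside documents are not examined).
triage_drive() {
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r p; do
        lower=$(basename "$p" | tr '[:upper:]' '[:lower:]')
        # First two bytes as hex; "4d5a" is "MZ", the DOS/Windows executable header.
        magic=$(od -An -tx1 -N2 "$p" | tr -d ' \n')
        reason=""
        [ "$lower" = "autorun.inf" ] && reason="AUTORUN"
        case "$lower" in
            *.exe|*.scr|*.com|*.pif|*.bat|*.cmd|*.vbs|*.js|*.lnk)
                reason="LAUNCHABLE-EXT" ;;
        esac
        if [ "$magic" = "4d5a" ]; then
            case "$lower" in
                *.exe|*.dll|*.scr|*.com|*.sys) reason="PE-FILE" ;;
                *) reason="PE-DISGUISED" ;;   # executable header behind another extension
            esac
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$reason" "${p#"$1"/}"
        fi
    done
}

# Constructed sample "drive" so the block runs offline. The files are
# placeholders: two magic bytes plus text, not real executables or audio.
make_sample_drive() {
    d=$(mktemp -d)
    mkdir -p "$d/Music"
    printf 'ID3 constructed placeholder' > "$d/Music/track01.mp3"
    printf 'MZ constructed placeholder'  > "$d/Music/track02.mp3"
    printf 'constructed placeholder'     > "$d/AUTORUN.INF"
    printf 'MZ constructed placeholder'  > "$d/setup.exe"
    printf 'plain text'                  > "$d/notes.txt"
    printf '%s' "$d"
}

drive=$(make_sample_drive)
triage_drive "$drive"
rm -rf "$drive"
```

Mounting the drive read-only before running the check keeps the listing from changing anything on it.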

Mr. Alex 05-14-2014 08:54 AM

Quote:

Originally Posted by bigrigdriver (Post 5169536)
If you have antivirus installed on your Linux machine (such as clamav, avast, or others), you can plug in the thumb drive and mount it. Then run the scan app to scan the thumb drive for malware.

I wasn't talking about antivirus. Only about finding malware myself. For example, if I have only mp3 files on a thumb drive, will malware be another non-mp3 file that is visible in Linux?

Quote:

Originally Posted by jefro (Post 5169617)
Make a folder called autorun.inf

What for?

Quote:

Originally Posted by lleb (Post 5169669)
maybe.

You're not sure? What is it that might not work?

suicidaleggroll 05-14-2014 04:21 PM

Quote:

Originally Posted by Mr. Alex (Post 5170710)
I wasn't talking about antivirus. Only about finding malware myself. For example, if I have only mp3 files on a thumb drive, will malware be another non-mp3 file that is visible in Linux?

99.9% of the time, malware and viruses are embedded in seemingly innocent files. You can't just look at a directory listing and go "yep, this one is a malware file", you actually have to scan through every single file on the drive, byte by byte, looking for hidden malware inside.

lleb 05-14-2014 04:32 PM

Maybe, it all depends on the type of malware and if the Linux anti-virus is going to scan for malware. They are not the same and thus are not scanned the same way. This is why in the MS world you have to run both some type of anti-malware and anti-virus program to minimize infection of the system.

linuzfreak 05-14-2014 05:01 PM

It's hard to know for sure if antivirus and malware programs can cut the mustard these days, especially in a Windows environment.

An interesting article from Symantec:
Symantec Says “Antivirus Software Is Dead”, But What Does That Mean For You?

metaschima 05-14-2014 05:05 PM

It depends on the malware itself. In many cases you should be able to detect it either manually or with a virus scanner. Note that auto-run based viruses do exist for Linux too.

Personally, I don't use USB sticks at all. Yeah I guess I am super paranoid, but I figure there are better ways to distribute data nowadays anyway.

linuzfreak 05-14-2014 05:23 PM

Quote:

Originally Posted by metaschima (Post 5171011)
It depends on the malware itself. In many cases you should be able to detect it either manually or with a virus scanner. Note that auto-run based viruses do exist for Linux too.

Personally, I don't use USB sticks at all. Yeah I guess I am super paranoid, but I figure there are better ways to distribute data nowadays anyway.

If I'm not sure about a USB stick, I would connect to a test PC or junk computer and disconnect any ethernet cables on it.

Mr. Alex 05-15-2014 12:22 PM

Quote:

Originally Posted by metaschima (Post 5171011)
Note that auto-run based viruses do exist for Linux too.

What can they do to a system if run by user (not root)?

Quote:

Originally Posted by metaschima (Post 5171011)
Personally, I don't use USB sticks at all. Yeah I guess I am super paranoid

It's OK to care about your security even if some people call it "too paranoid".

Quote:

Originally Posted by metaschima (Post 5171011)
there are better ways to distribute data nowadays anyway.

Like what?

Emerson 05-15-2014 12:27 PM

If you read the news, only 45% of Windows malware can be detected nowadays. This is the fate of an operating system that has thousands of security holes with thousands of viruses written for every hole. Cars without brakes are illegal on public highways, why are Windows computers allowed to connect to the internet?

Mr. Alex 05-15-2014 12:42 PM

Quote:

Originally Posted by Emerson (Post 5171495)
If you read the news, only 45% of Windows malware can be detected nowadays. This is the fate of an operating system that has thousands of security holes with thousands of viruses written for every hole.

I think it's more about the architecture than about specific security holes.

Quote:

Originally Posted by Emerson (Post 5171495)
Cars without brakes are illegal on public highways, why are Windows computers allowed to connect to the internet?

Because the law doesn't protect those who are right and prosecute those who are wrong. The law is a tool used by people and people are foul.

Emerson 05-15-2014 01:20 PM

Quote:

Originally Posted by Mr. Alex (Post 5171505)
I think it's more about the architecture than about specific security holes.

Nope. Lots of people not very familiar with computers think a virus is something that comes and gets you, as you get the flu. Not true for computers; to write a successful virus you need to exploit a vulnerability in the target system. No security holes = no viruses.

metaschima 05-15-2014 02:32 PM

Quote:

Originally Posted by Mr. Alex (Post 5171490)
What can they do to a system if run by user (not root)?

It's OK to care about your security even if some people call it "too paranoid".

Like what?

They can usually only do what the user can do, but if it contains a keylogger or kernel exploit it can gain root access reasonably easily.

File sharing servers, and there are plenty of them. Some call themselves "cloud", but file sharing servers have existed long before the "cloud". For smaller sized sharing, you can use e-mail. There's usually a 20-50 MB limit on e-mails.


All times are GMT -5.