By William Jackson
Senforce Technologies announced last month a new version of its Endpoint
Security Suite that includes encryption and controls for removable
storage devices such as USB thumb drives. Its no secret that these
small, fast, high-capacity drives can be risks, but Senforce has come up
with a new trick to drum up a market for the suite.
Shortly before the product announcement, I received in the mail a bright
new USB drive from Senforce. Being a sucker for free stuff, I eagerly
examined the drive and even read the material. I learned Senforce had
thoughtfully loaded the device with malware.
Once the thumbdrive is inserted into your computers USB port, the
following harmless, yet very insightful experiment will begin, I was
* The program on the thumb drive will execute once your operating system
recognizes the device.
* The program will immediately identify and download the contents of
your My Documents folder to the thumb drive.
* You will not receive any notification or warning that your documents
have been identified and downloaded.
Nothing to worry about, I was assured. No harm will be caused to your
data or your computer. But, I was warned, it will be your responsibility
to monitor or destroy the thumbdrive once it is in your possession.
Thanks a lot, guys.
The publicity scheme is to raise awareness of a trick called
thumbsucking, a cute name coined by Senforce to describe the process of
using a U3-enabled device which can carry your software and data to
trick a computer into downloading data. A U3 drive does this by mapping
to two-letter drives when inserted into a computer, one of the drives
masquerading as a CD drive. When the computer sees this CD it uses the
AutoRun feature to launch the US3 LaunchPad on the thumb drive. If the
thumb drive happens to have a thumbsucking tool loaded on it and
Senforce includes detailed instructions for creating your own tool data
is automatically and secretly downloaded to the devices second drive.
There is no word yet if this technique is actually being used in the
wild, but depending on the size of the Senforce mailing list, I doubt
that it will be long before it is.
I was sorely tempted by their offer. The device is an unbreakable 2G
titanium drive with a handy lanyard. An accompanying letter egged me on
by saying, With the included drive, you are now capable of thumbsucking
any of your unsuspecting colleagues! Naturally we dont suggest it. Wink,
And if I had no playful or malicious inclinations, I should feel free
after testing to erase the script, and just use the drive as you would
No, thanks. I just dont feel like taking the risk. At least not on my
computer. And certainly not on a friends computer. How do I know that
the experiment is harmless or what else is going on in the background?
How do I know it will let me erase the script? I suppose I have
Senforces word for it, and it doubtless is an honorable company. After
all, they were honest enough to tell me about the software in the first
Maybe I'm being too sensitive about this, but it just seems wrong for a
security company to ship out hardware loaded with malicious code. Even
to entirely respectable persons like me. Still, it could be an effective
tool for creating a demand for an anti-thumbsucking tool, and I have to
admit that Im a little curious. So, take a look at the picture at the
top of this column, and if you see someone who looks like that sidling
up to your computer with a thumbdrive in his hand
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com