Create fake virus message

This is not homework, seriously :)

My manager said there's some client conference and they want to show that we care about security. He said they want to leave a USB on a table and have a note on it ... something like...financial data...and see who takes it. If that person puts the USB/flash drive in his laptop, he wants the user to see a fake message... you have a virus whatever.

He said this can be done with some ini file and ini file needs to be on the USB/flash drive and when it's inserted, that ini is going to run. Something like that.

I pushed it off on the jr developer :) but now I'm thinking about it and I'm wondering how the code can be done for it. Any ideas?
Camillia Asked:
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
First, if you really desire someone to insert it + use it, don't label the drive. Labeling is a clear indication you've just dropped down bait.

Second, you must be very careful how you go about this + in what country the conference is running.

In some jurisdictions (countries) simply doing this as an example or test case violates serious laws, which can land people in a dark prison.

This includes the US, depending on exactly what's on the thumb drive + exactly what occurs when it's inserted.

This is not a matter for some idiot... er, I mean, highly competent manager to orchestrate. This is a matter for your company's legal department to consider.
0
btan (Exec Consultant) Commented:
I believe it is using Autorun.inf - autorun HTML, PDF, PPT, DOC etc. But it needs autorun to be enabled, which may be disabled by default in company policy.

https://www.howtogeek.com/236241/how-to-enable-disable-and-customize-autoplay-in-windows-10/

To create the inf file.
http://www.allusb.com/usb-explained/usb-autorun

Type “shellexecute=” without the quotation marks, followed by the PDF file name in question. If the file resides within a subfolder, include its title before the file name while separating the two with a backslash. An example would be “shellexecute=foldername\test.pdf.” Ensure that the actual file names and the written commands do not include spaces.

Click the “File” menu, followed by “Save As.” Name the text file “autorun.inf” and then click “Save.” Note that this changes the default ".txt" extension to ".inf," which is necessary for the Autorun command to work.
0
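For anyone handed a found drive to examine, the directives described above can be read without ever letting Windows act on them. The sketch below is an added example, not code from this thread or from any of the linked sites: it parses the text of an `autorun.inf` and lists the entries that would launch something (`open`, `shellexecute`, and `shell\<verb>\command`). The function names and the sample file contents are constructed for illustration.

```python
"""Triage an autorun.inf from removable media (added example, not from the thread)."""

# Keys in the [autorun] section that make Windows launch something.
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)         # values may contain '='
            current[key.strip().lower()] = value.strip()
    return sections


def launch_directives(text):
    """List (key, target) pairs that would start a program or open a file."""
    autorun = parse_autorun(text).get("autorun", {})
    hits = []
    for key, value in autorun.items():
        # shell\<verb>\command adds a context-menu entry that runs a command
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits


# Constructed sample input, modelled on the shellexecute line quoted above.
SAMPLE = """\
; constructed sample
[AutoRun]
label=Conference
ShellExecute=foldername\\test.pdf
shell\\open\\command=viewer.exe /x=1
icon=drive.ico
"""

if __name__ == "__main__":
    for key, target in launch_directives(SAMPLE):
        print(f"{key} -> {target}")
```

Section and key names are matched case-insensitively, so `[AutoRun]` and `ShellExecute` are caught however the file spells them.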
Camillia (Author) Commented:
@David, I didn't know that. Thanks for the info. I know...just feels like a stupid thing to demo.

@btan , let me look at your info.

Hopefully, my manager will forget about this silliness.
0
kenfcamp Commented:
just feels like a stupid thing to demo

IMO you're right, it is. At least as proposed.

If I were thinking about doing something like this (and I'm not) I would display something like "YOUR DATA HAS JUST BEEN ENCRYPTED"
and then go into a small tutorial about security explaining what had just happened and why "If this had been an actual attempt" etc etc etc... "Never put foreign or media from untrusted sources on network devices", etc etc etc

End with logo, sales pitch, contact info

But I wouldn't do even that without running it past your legal eagles

Just my 2cents

Ken
0
btan (Exec Consultant) Commented:
Actually, if the intent is to level up awareness, consider sending a phishing email instead, and there are more indicators of compromise
https://www.experts-exchange.com/articles/31731/Am-I-being-hacked-What's-next.html?headerLink=workspace_article

or simply put in the USB with an "eicar" file and AV will alert by default. The AV prompt may already have "phished" the boss.
http://www.eicar.org/85-0-Download.html
1
Camillia (Author) Commented:
Emailed my manager the info from this thread. He said he didn't know Autorun needs to be turned on and didn't know about legal issues.

I don't understand that "eicar" link. AV prompt?
0
kenfcamp Commented:
I don't understand that "eicar" link. AV prompt?

An eicar file is a file that will trigger an antivirus virus alert

The file / signature is 100% safe; it's used all the time for testing purposes
0
kenfcamp Commented:
Eicar
http://www.eicar.org/86-0-Intended-use.html

Just copy and save this to a text file and save it to a thumb drive, CD, etc
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Make sure your antivirus is suspended first, though, otherwise it'll be captured as you create it
0
Camillia (Author) Commented:
thanks, let me take a look.
0
btan (Exec Consultant) Commented:
Thanks kenfcamp for the eicar sharing.

As for the Autorun, that is a Windows feature. Think of it simply as autoplay. You can try it out. Due to malware spreading through thumb drives, security policy mandates tend to state that it be disabled by default. If you have security folks, you can check with them too.
0
AndyAinscow (Freelance programmer / Consultant) Commented:
Just a small comment from my side.
I agree totally that this is a bad idea and probably would not work anyway due to the autoplay being disabled.

It might be better to prepare a laptop with the autoplay enabled and the USB stick, then as part of your display demonstrate what can happen just by plugging in the USB stick. You could even show them a folder and its contents. Then plug in the stick which will delete (or modify) the files. Then plug the stick in and show them the folder contents no longer exist - no warnings....
1
Gustav Brock (CIO) Commented:
I agree totally that this is a bad idea

Indeed. Talk your manager out of this stupid happening. Security is nothing to play with. Seriously.
0
kenfcamp Commented:
As for the Autorun

Technically, using the Eicar, Autorun shouldn't even be needed.

The antivirus should jump on it as soon as the thumb drive is mounted
0
kenfcamp Commented:
Security is nothing to play with

Well yes and no, there's just a right way and a wrong way to go about doing it.

Scaring the bejesus out of a customer, regardless of the intent, is definitely the wrong way and will likely be counterproductive
0
Camillia (Author) Commented:
Thanks, guys. Yes, very stupid. I've sent him the info... held back and didn't call him stupid :)
0
btan (Exec Consultant) Commented:
Maybe some scary case study may suffice. Stuxnet and Conficker are easily googled and well known to have used thumbdrive to spread. It is not just a hygiene issue negligence but a bigger issue it can be if the root cause is due to such ignorance. :)
0
Shaun Vermaak (Technical Specialist IV) Commented:
Here is a tool used in such a drop test:
You can download our special, "beaconized" file onto any USB drive. Then label the drive with something enticing and drop the drive at an on-site high traffic area. If an employee picks it up, plugs it in their workstation and opens the file, it will "call home" and report the "fail" to your KnowBe4 console. And for Office documents, if the user also enables macros (!), additional data is tracked and geomapped.
https://www.knowbe4.com/usb-security-test
0
Camillia (Author) Commented:
Thanks, Shaun, let me look.
0
btan (Exec Consultant) Commented:
The USB drop test is good. KnowBe4 has nice awareness toolkits

https://www.linkedin.com/pulse/free-security-tools-ransomware-ceo-fraud-more-steve-morgan/
0
Camillia (Author) Commented:
Thanks, guys. This was very helpful.
0
kenfcamp Commented:
Anytime, Good luck
0