1

I am using Ubuntu 13.10. If my laptop is infected with malware, can I get rid of it by creating a live USB on it and using that live USB to format and re-install Ubuntu? I mean, is it possible that the malware will find its way onto the live USB and hence infect the re-install? If yes, how do I get rid of it?

Ali Ahmad
poltu

2 Answers

1

It is definitely not safe. You cannot trust any drive that has been written from an infected machine.

There is no way to ensure the integrity of the live USB.

guntbert
  • Technically, you could compare hash values to determine if anything 'extra' was injected to the live USB. – Matthew Peters Aug 06 '14 at 20:14
  • @MatthewPeters actually, with the new "BADUSB" exploit, not even that is safe anymore, although I doubt anyone has implemented it yet, it won't stay that way for long – user2813274 Aug 06 '14 at 20:34
  • @user2813274, the findings for that exploit are preliminary. Regardless, unless you have exploited the hashing algorithms or hashing program or GUI that reads the hash I suppose, you can still compare two hashes... and yes, you can hash firmware as well. – Matthew Peters Aug 06 '14 at 20:41
  • @MatthewPeters the only problem with asking a firmware its code for hashing.. is that it can lie – user2813274 Aug 06 '14 at 20:44
  • @user2813274, to my knowledge, this would require a hack to one of the three systems I already stated. I have never seen this done (or read about it). If you have an example, please let me know though! – Matthew Peters Aug 06 '14 at 20:54
  • @MatthewPeters [link](http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/) - I was suggesting an exploit in the firmware, where if asked for the firmware, it returns something that it isn't (neither of your 3 systems) – user2813274 Aug 06 '14 at 20:59
  • @user2813274, you're missing the point of [hashing](http://en.wikipedia.org/wiki/Hash_function) (that is, you are not executing code but merely reading its value bit by bit). Also [here](http://security.stackexchange.com/a/64547/43611) is some good info on debunking the horrors of BadUSB – Matthew Peters Aug 06 '14 at 21:12
  • @MatthewPeters of course hash algorithms are safe, but you wouldn't hash the firmware of the device, but what the (possibly malicious) device has told you. You aren't executing code, but the device does. Your mentioned link doesn't debunk much on the firmware point. – user10008 Aug 06 '14 at 22:14
1

It is technically possible for malware to infect your live USB if you create that live USB from the infected PC.

Personally, I would never consider doing what you are asking to restore a system because you can never be sure you've gotten rid of all malware. However, you can attempt to create the live USB and restore your PC and, once restored, simply compare the hash values of the live USB with a trusted source to see if there was any malware transferred over.

Now, the above method is still vulnerable in several ways. Namely, that some malware can hide deeper than the OS level and thus evade a clean reinstall.

Also, note that malware could transfer itself to the USB drive itself (firmware or otherwise not within the legitimate files) and it could be difficult to determine that.

Personally, I would find a trusted PC to create my backup disk. If I am paranoid (which I am), I'd sell the PC on Craigslist and get a new one.

If you have no other source (no friends or job) and do not use your PC for sensitive work (i.e. designing nuclear missile warheads) and only want to use your PC for gaming and/or porn, then simply creating a live USB and restoring will most likely do the trick.

Matthew Peters
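The hash comparison suggested in the answer above, as an added example that is not part of either answer: it checks the downloaded image against the checksum published by the distributor, then reads back only the first image-sized span of the stick, since the stick is larger than the image and hashing the whole device would never match. The function names and `/dev/sdX` are hypothetical placeholders, and GNU coreutils (`sha256sum`, `head -c`) are assumed.

```shell
#!/bin/sh
# Added example: verify a written live USB against a published SHA-256.
# Run it from a machine you trust, not from the suspect laptop.
# Usage (device name is a placeholder):
#   verify_live_usb ubuntu.iso /dev/sdX <checksum from the distributor>

# sha256_of_prefix FILE NBYTES -> SHA-256 of the first NBYTES bytes of FILE
sha256_of_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_live_usb IMAGE DEVICE EXPECTED_SHA256
# Returns 0 = both match, 1 = image mismatch, 2 = device mismatch, 3 = I/O error
verify_live_usb() {
    image=$1
    device=$2
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    if [ ! -r "$image" ] || [ ! -r "$device" ]; then
        echo "ERROR: cannot read image or device" >&2
        return 3
    fi

    # Step 1: the download itself must match the published checksum.
    size=$(wc -c < "$image" | tr -d ' ')
    image_sum=$(sha256sum < "$image" | cut -d' ' -f1)
    if [ "$image_sum" != "$expected" ]; then
        echo "FAIL: image does not match the published checksum" >&2
        return 1
    fi

    # Step 2: hash exactly $size bytes read back from the device.
    # Anything past that offset is unused space and is not part of the image.
    device_sum=$(sha256_of_prefix "$device" "$size")
    if [ "$device_sum" != "$expected" ]; then
        echo "FAIL: data read back from the device differs from the image" >&2
        return 2
    fi

    echo "OK: first $size bytes of $device match $expected"
    return 0
}
```

A match covers only the image area as the device reports it; the space beyond the image and the drive's firmware, the point argued in the comments above, are outside what this check can see.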