0

I bought a USB thumb drive on ebay. It seems like much too good of a deal ($20 for a 512GB drive, as of 2015-08-10) which makes me suspicious about malware on the drive. How can I test it to see if it has malware, whilst also not infecting any of my PCs with malware?

I was thinking I could unplug all hard drives, boot with a Linux live CD, then format the drive. Would that be considered a secure process, or, for example, could my BIOS get infected if I were to do this? And is it possible for the drive to contain malware even after I format it? If so then how could I detect this?

mulllhausen
  • 628
  • 2
  • 7
  • 14
  • 1
    People don't sell real 512GB flash drives for $20, as they currently sell for over ten times as much. So, you must ask yourself: why did this person sell you this device? Either it isn't what they say it is (see link in answer by @dr01) or it will harm you in some way that makes them money. – Daniel Griscom Aug 19 '15 at 14:55

1 Answers1

1

Yes, you could plug the USB drive into a Linux Live CD and format the disk. Once it's formatted, it's safe to use.

Note that this would not thwart any infection if the malware is in the USB firmware, but that's a remote possibility and I wouldn't be too much paranoid about it.

There is a better reason to be suspicious about good deals on USB thumb drives bought from unreliable sources: they might have a tampered firmware that let them sport a fake capacity, so your 512-Gb drive can in fact hold only 4 Gb only.

dr_
  • 5,060
  • 4
  • 19
  • 30
  • how might i detect malware in the firmware? the fake capacity would be annoying, but i guess i'd just get a refund and a free small usb :) – mulllhausen Aug 19 '15 at 08:29