Zzozzach

Securely boot from SD card?


Whoa...first post in Tech Talk for more than 3 years!

 

Anyhoo...I just wanted to sanity check something. I've been handed a PC at work that's been hit by Cryptolocker; there's nothing I can do other than wipe it clean, reformat, and put Windows back on. My concern now is how to securely boot it from an external source. As with most modern computers these days it doesn't have an optical drive so a CD or DVD is out of the question. This leaves either boot from USB thumb drive or PXE; the latter is completely out of the question because I (obviously) don't want to plug an infected PC into the network. USB is not attractive because of the risk of infecting the drive, and thus reinfecting the PC, plus I don't have an endless supply of disposable drives.

 

So, I'm wondering if anyone has tried using a USB SD reader with an SD card that has the write-protect switch on. I.e. put all the boot files I need onto the card (Linux live CD? Partition manager? Windows 7 ISO?) which will give me enough to manage the drive and reformat it, and plug that into the USB reader. I'm assuming it should be recognised as Just Another Drive but I wanted to check here first, and to see if simply using the write-protect switch will be enough protection.


If you want to be 100% certain, why not an external USB CD/DVD drive?

 

Edit: Argh, just beaten! :P

Edited by SquallStrife


If you're booting from install media then you're not booting the OS that has crypto on it.

 

You'll be fine whatever media you use.


If you're booting from install media then you're not booting the OS that has crypto on it.

 

You'll be fine whatever media you use.

I know that, let's just say that I'm being anally over-cautious. We had an entire domain taken down by Cryptolocker last year...twice (thank goodness we had decent backups, but even they took a couple of days to restore). So, I'm damn well not going to be responsible for that happening again!

 

The USB CD/DVD drive is a good idea, I'll have a fossick around and see if I can dig one up. We have a cupboard full of junk, goodness knows WHAT is in there. I only asked originally because one of the staff here has a SD card reader and an old 2Gb card they don't really care about, so it was a case of materials that are on-hand.


You should be OK to boot from SD card in USB reader. Additional advantage is you could write protect if a full sized SD card is used and the booted OS doesn't need to write to it.

Though it can vary among PCs. They can get fussy depending on exact media type, which slot it's plugged to, whether other like devices are present etc etc.


You should be OK to boot from SD card in USB reader. Additional advantage is you could write protect if a full sized SD card is used and the booted OS doesn't need to write to it.

Though it can vary among PCs. They can get fussy depending on exact media type, which slot it's plugged to, whether other like devices are present etc etc.

 

Yeah only full sized SD cards have that, USB flash drives, mini and micro SD do not.
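
As an added example (not from any poster in this thread): the write-protect tab on a full-sized SD card is only sensed by the reader, so it is worth confirming that the host really sees the card as read-only and that its contents still match a hash taken on a clean machine. The sketch assumes a Linux host exposing `/sys/block/<dev>/ro`; the device name `sdx` and the file paths are constructed stand-ins.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def kernel_read_only(dev_name, sysfs_root="/sys/block"):
    """True if Linux exposes the block device (e.g. 'sdb') as read-only."""
    return (Path(sysfs_root) / dev_name / "ro").read_text().strip() == "1"


def media_digest(path, chunk_size=1 << 20):
    """SHA-256 of a device node or image file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as media:
        while chunk := media.read(chunk_size):
            digest.update(chunk)
    return digest.hexdigest()


def check_media(path, baseline, dev_name, sysfs_root="/sys/block"):
    """Return a list of findings; an empty list means the media can be reused."""
    findings = []
    if not kernel_read_only(dev_name, sysfs_root):
        findings.append("writable: reader or host is not honouring the switch")
    if media_digest(path) != baseline:
        findings.append("modified: contents differ from the clean baseline")
    return findings


def demo():
    """Constructed stand-ins: a temp file as the card, a temp dir as sysfs."""
    with tempfile.TemporaryDirectory() as tmp:
        card = os.path.join(tmp, "card.img")
        Path(card).write_bytes(b"constructed boot image" * 1000)
        ro_flag = Path(tmp, "sys", "sdx", "ro")
        ro_flag.parent.mkdir(parents=True)
        ro_flag.write_text("1\n")
        sysfs = os.path.join(tmp, "sys")
        baseline = media_digest(card)  # taken on a known-clean machine
        clean = check_media(card, baseline, "sdx", sysfs)
        # Simulate a reader that ignores the switch and a one-byte change.
        ro_flag.write_text("0\n")
        with open(card, "r+b") as handle:
            handle.write(b"X")
        tampered = check_media(card, baseline, "sdx", sysfs)
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```

On a real card, record the baseline digest before the card goes near the suspect PC and run the check again on a clean machine afterwards.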


Not knowing much about Crypto's, but from what I read on other sites, to stop the spread it's best to get rid of Crypto first on the drive.

 

Just grab Malwarebytes and see if that can pick it up. If it's on one PC then it most probably infected all PCs on your company's network, so reformatting the drive could make it more attractive to getting infected again.

 

If it's a Windows system, can you do a recovery and roll it back to an earlier date?

 

But I would check Malwarebytes as they have heaps of tools including bootable media images.

Edited by codecreeper


Not knowing much about Crypto's, but from what I read on other sites, to stop the spread it's best to get rid of Crypto first on the drive.

 

Just grab Malwarebytes and see if that can pick it up. If it's on one PC then it most probably infected all PCs on your company's network, so reformatting the drive could make it more attractive to getting infected again.

 

If it's a Windows system, can you do a recovery and roll it back to an earlier date?

 

But I would check Malwarebytes as they have heaps of tools including bootable media images.

 

It's a standalone PC that wasn't plugged into the network, and we were able to isolate it before anyone decided to connect it (learnt that lesson the hard way last year - see the OP). We suspect the attack vector was an infected USB drive since the primary purpose of this computer is somewhere staff can poke foreign storage media into. It was never backed up because there's no need to preserve any of the data so a rollback is totally unnecessary, nor do I need to spend any time hunting down the infection. Thus, a complete repartition and reformat will be the easiest and simplest method.

 

As it turns out, I was able to dredge up a USB DVD writer from the Cupboard of Mysterious Objects®, plus I had a copy of Bootit-BM on disc at home. I've been able to wipe all the partitions, clear the MBR, and securely wipe all data (on its 5th pass right now). Once I've got Windows back onto it I'll run some standalone virus/malware scanners across it. If the infection survives that then I've got much bigger problems to worry about.


Err, yes, some trojans try to write themselves into the hard drive firmware, but those aren't common, thank God. I think Mac OS X had a vulnerability which allowed a trojan to scramble the hard drive firmware.

Edited by Jeruselem

