19

I have a USB drive which I know is virus infected (an anti-virus on my friend's machine detected it). Unfortunately neither of us knows the virus name and I don't want to take the risk of plugging it into my Windows box again.

Of course, in all probability the virus affects only Windows (but I'm not sure). I want to know if I can safely plug the USB into my Ubuntu Lucid laptop and copy the stuff I need from the drive. If there are some precautions I need to follow, what would they be?

htorque
  • 66,086
suhridk
  • 423

4 Answers

16

Linux systems usually do not execute code from a USB stick when just connecting it. Thus copying stuff from it should be safe.

Keep in mind that the copied files may contain malicious code. For example, some evil JavaScript inside an HTML file or an evil office script inside your Word/OpenOffice Writer documents. That means you should be careful with these files - don't open these files with programs that are known to execute embedded scripting code.

Well, and don't directly execute binary executables that are copied from that stick.

maxschlepzig
  • 3,734
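
The file types this answer warns about can be recognised from their bytes and names without opening them in any viewer. The following is an added example, not part of the answer above; the function names `classify` and `triage` and the extension list are choices made for this illustration.

```python
import os
import sys
import zipfile

# Leading bytes of formats that can carry code (values are report labels).
MAGIC = {
    b"MZ": "Windows executable (PE)",
    b"\x7fELF": "Linux executable (ELF)",
    b"\xd0\xcf\x11\xe0": "legacy Office/OLE file (can hold macros)",
}
LAUNCHER_EXTS = {".lnk", ".scr", ".vbs", ".js", ".bat", ".cmd", ".ps1"}


def classify(path):
    """Return reasons to handle `path` with care; empty list if none found."""
    reasons = []
    name = os.path.basename(path).lower()
    if name == "autorun.inf" or os.path.splitext(name)[1] in LAUNCHER_EXTS:
        reasons.append("file name used to launch code on Windows")
    with open(path, "rb") as fh:  # reads bytes only, never runs or renders
        head = fh.read(4096)
    reasons += [label for magic, label in MAGIC.items() if head.startswith(magic)]
    if b"<script" in head.lower():
        reasons.append("HTML with embedded script")
    try:  # OOXML and ODF documents are ZIP archives
        with zipfile.ZipFile(path) as zf:
            members = [m.lower() for m in zf.namelist()]
        if any(m.endswith("vbaproject.bin") or m.startswith("basic/") for m in members):
            reasons.append("office document containing macros")
    except zipfile.BadZipFile:
        pass
    return reasons


def triage(root):
    """Map relative path -> reasons for every flagged regular file under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            found = [] if os.path.islink(full) else classify(full)
            if found:
                report[os.path.relpath(full, root)] = found
    return report


if __name__ == "__main__":
    for rel, why in sorted(triage(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{rel}: {'; '.join(why)}")
```

Run it against the mounted drive or the copied folder; an empty report means only that none of these specific markers were found, so a scanner is still worth running.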
7

Viruses that work on Linux are rare, but they do exist. I would recommend scanning the USB volume with ClamTk (It's just called "Virus Scanner" in Software Center). This will help you to identify the virus, which may be useful information. You might consider re-scanning the volume after reformatting it as well. It's probably overkill, but it shouldn't take long.

koanhead
  • 6,547
4

There is very little to worry about. Just copy the files you need to your laptop then format the drive. Don't copy files if you don't know what they are because these are likely to be the virus. Make sure you don't execute anything on the drive just to be safe.

dv3500ea
  • 37,734
0

How to "safely" plug in a usb drive to Linux.

Here are my approaches. This is especially useful if you're worried about the USB "drive" actually being a microcontroller which identifies itself as a USB HID device like a keyboard and mouse combo and starts running commands on your computer by typing and using a mouse--same as you would. One example of this is the Hak5 "USB Rubber Ducky". An 8-bit Arduino Leonardo or Pro Micro (ATmega32U4 MCU) can be made to do this too using the USB Keyboard and Mouse libraries. Most 32-bit microcontrollers can do this too.

So, if that kind of stuff happens, you want to wipe your whole OS when done, and you want to be running a "blank" OS with nothing personal on it at the time you plug in the device. Here are some options.

  1. Preface notes:
    1. If you need the internet at any point on your "throw-away" OS while using the questionable thumb drive, connect only to a guest home WiFi network, which restricts access from the rest of your network. Do NOT connect to your main home WiFi network, as that would open up vulnerabilities to other systems on your network, since being on the same WiFi network as them would make their IP addresses accessible.
  2. Option 1 (safest option I think): use a virtual machine
    1. Install Ubuntu into a fresh virtual machine in VirtualBox (no cost to use), running in Ubuntu.
      1. i.e.: In Ubuntu, install VirtualBox, into which you install another Ubuntu system as a virtual machine.
    2. In the Virtual Machine, plug in the USB drive and copy files to/from it as needed.
    3. Reset or delete the virtual machine when done.
    4. Note: if you need to share files between the virtual machine and your real, host computer, you can copy files to and from a shared folder that is shared between the virtual machine and your host computer.
  3. Option 2: boot from an Ubuntu live USB which is run from RAM
    1. Note: if you choose this option, I recommend you have your main, internal hard drive LUKS encrypted so that even if a program tried to mount and read from or write to your internal disk, it couldn't. LUKS encryption is an option when installing Ubuntu as your main OS, for instance.
    2. Install Ubuntu or similar to a live USB, intended to install Ubuntu.
      1. You can also use Parted Magic instead, for $13~$49. It's a great tool! (I'm not affiliated in any way; I just like the tool and frequently use it for computer restore and repair).
    3. Boot from the live USB, but choose the option to "run from RAM" (assuming you have enough RAM).
    4. Once the OS boots and has copied everything needed from the thumb drive to RAM, unplug your boot drive.
    5. When done, just turning off the computer "wipes" the whole OS you just used, since it was all in RAM only.
    6. Note: if you need to get files to or from the thumb drive you are plugging in, you may be opening up a security vulnerability, which is why I feel like Option 1 above is better. You could, however:
      1. Mount your main drive.
      2. Plug in another USB drive.
      3. Leave the boot drive plugged in and use it to share files.
      4. I don't think any of these are super secure options, so do them only if you can't do Option 1 above.

See also:

  1. I also shared this here: Information Security: Safe to connect a USB to Linux?
Gabriel Staples
  • 11,502
  • 14
  • 97
  • 142
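
Inside the throw-away VM or live session, the HID concern raised in this answer can be checked by comparing the USB interface classes Linux reports in sysfs before and after plugging the drive in. This is an added example, not part of the answer above; `snapshot` and `new_input_devices` are names chosen for this illustration, and the baseline is assumed to be taken with the drive unplugged.

```python
import os

# USB-IF base class codes as sysfs prints them in bInterfaceClass.
CLASS_NAMES = {"03": "HID (keyboard/mouse)", "08": "mass storage", "09": "hub"}
HID = "03"


def read_attr(path):
    """Read one sysfs attribute; return '' if it is missing or unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""


def snapshot(sysfs_root="/sys/bus/usb/devices"):
    """Map device name (e.g. '1-4') -> sorted interface class codes."""
    devices = {}
    for entry in os.listdir(sysfs_root):
        # Interface directories are named '<device>:<config>.<interface>'.
        if ":" in entry:
            cls = read_attr(os.path.join(sysfs_root, entry, "bInterfaceClass"))
            if cls:
                devices.setdefault(entry.split(":")[0], set()).add(cls)
    return {dev: sorted(classes) for dev, classes in devices.items()}


def new_input_devices(before, after):
    """Devices absent from `before` that expose a HID interface in `after`."""
    findings = []
    for dev in sorted(set(after) - set(before)):
        if HID in after[dev]:
            labels = [CLASS_NAMES.get(c, "class 0x" + c) for c in after[dev]]
            findings.append((dev, labels))
    return findings


if __name__ == "__main__":
    baseline = snapshot()
    input("Plug in the drive, wait a few seconds, then press Enter... ")
    for dev, labels in new_input_devices(baseline, snapshot()):
        print(f"WARNING: {dev} can inject input: {', '.join(labels)}")
```

This reports what the device enumerated as after the fact; it does not stop keystrokes already sent, which is why it belongs in the disposable environment rather than on the host.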