
Ask HN: How to tell if my Linux server has been infected by a mouse - tboyd47
Hey HN,

I recently purchased a cheap mouse online and used my desktop Linux server USB port to charge it. Is there any chance the mouse was malevolent, and is there any way I can make sure it didn't introduce a virus into the system?

Thanks!
======
mc3
I guess it is possible, although most likely if they are putting malware on
mice they are targeting Windows.

(At first I thought it was a joke, alluding to how Linux users love touch typing
at 120WPM and hate using a mouse, so any mouse peripheral is an 'infection').

~~~
jolmg
I'd forgotten what a mouse was and thought the OP wanted to check if a rodent
was inside the box.

------
srcmap
I used to do the following to learn more about linux system and how various sw
components worked over long periods of time on a personal server:

      1) Create git repo, add all /usr/* /bin /sbin /etc to git.
      2) Use utilities to monitor all outgoing TCP connections to see which apps were connecting to network.

It was a fun exercise to see what components, config files were changed over
time.

------
benologist
I think mice could easily be used to infect hardware because my Razer mouse
tries to install some crapware occasionally.

I think I have only seen it in Windows but I don't know if that means linux
cannot arbitrarily execute files hosted on a mouse, or if Razer skips the
install because it has no compatible crapware.

~~~
half-kh-hacker
Actually, this 'auto-install Razer bloatware' behaviour is a feature of
Windows itself.

The mouse merely presents itself as being from a certain manufacturer, and
Windows asks the user if it should fetch the drivers (and any other bundled
crapware Razer wants to load on there).

There is no installer payload inside the mouse.

~~~
dylz
I have had peripherals present on initial plugin as a USB flash drive with
autorun.inf, autorun.exe. Then, after the drivers install (or you unplug and
re-plug), it presents itself as a HID or other device you were expecting again.

This is extremely prevalent with a lot of smaller things, particularly noname
Chinese brands. I have ordered and received things like wifi USB adapters and
BT4 adapters that came preloaded with autorun malware (I don't enable
autorun). Presumably because the master at the factory was already infected or
something, if it isn't intentional.

Razer's might just be WU getting "official drivers", but this is 100% not part
of WU, extremely common, and often available on Amazon through thousands of
brand names (fake) originating from the same factory.
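
Added example, not part of any comment in this thread: a Python sketch that reads the Linux sysfs USB tree and lists which interface classes each attached device enumerated, so a "mouse" that also exposes a keyboard or mass-storage interface (the behaviour described in the comment above) stands out. The function names and the sample tree are constructed for illustration; the class and protocol codes are the standard USB ones.

```python
import os
import tempfile

# bInterfaceClass codes from the USB-IF class list; HID boot protocols.
CLASS_NAMES = {"02": "cdc-comm", "03": "hid", "08": "mass-storage",
               "09": "hub", "0a": "cdc-data", "ff": "vendor-specific"}
HID_PROTOCOLS = {"00": "generic", "01": "keyboard", "02": "mouse"}

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip().lower()
    except OSError:
        return ""

def usb_interfaces(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the interfaces it enumerated."""
    found = {}
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:  # interface directories look like '1-2:1.0'
            continue
        base = os.path.join(sysfs_root, entry)
        cls = _read(os.path.join(base, "bInterfaceClass"))
        label = CLASS_NAMES.get(cls, "class-" + cls)
        if cls == "03":  # HID: the protocol field names boot keyboards/mice
            proto = _read(os.path.join(base, "bInterfaceProtocol"))
            label += "/" + HID_PROTOCOLS.get(proto, "proto-" + proto)
        found.setdefault(entry.split(":")[0], []).append(label)
    return found

def beyond_mouse(labels):
    """Interfaces a plain mouse has no need for (keyboard, storage, ...)."""
    return [l for l in labels if l not in ("hid/mouse", "hid/generic")]

def build_sample(root):
    """Constructed sysfs tree: a plain mouse and a 'mouse' with extras."""
    sample = {"1-1:1.0": ("03", "02"), "1-2:1.0": ("03", "02"),
              "1-2:1.1": ("03", "01"), "1-2:1.2": ("08", "50")}
    for name, (cls, proto) in sample.items():
        os.makedirs(os.path.join(root, name))
        for fname, value in (("bInterfaceClass", cls),
                             ("bInterfaceProtocol", proto)):
            with open(os.path.join(root, name, fname), "w") as f:
                f.write(value + "\n")

if __name__ == "__main__":
    root = "/sys/bus/usb/devices"
    if not os.path.isdir(root):  # no sysfs here: use the constructed sample
        root = tempfile.mkdtemp()
        build_sample(root)
    for dev, labels in usb_interfaces(root).items():
        print(dev, labels, "extra: %s" % beyond_mouse(labels))
```

Read the line for the port the mouse is plugged into; hubs and other peripherals will naturally show their own classes. The output covers only what is enumerated right now, and a HID interface reporting protocol 00 can still carry keyboard reports, so a clean result does not rule out a device that enumerated differently earlier.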

------
perl4ever
I thought it was standard policy in any corporate IT security department these
days to warn people not to plug in _any personal device whatsoever_ with a usb
plug, even, say, a fan or coffee warmer. Is it really possible for a usb
device to be too small to contain a virus?

~~~
tboyd47
I'm self-employed and this is a personal server. I'm looking more for advice
on how to check for infection.

~~~
perl4ever
There is no way in principle. You could have code that sleeps for 1,000 years.
I think there was a HN thread about that.

