
The driver is not provided by the stick. That's just not how things work.


But the USB device gives a descriptor list stating the endpoints etc. to the host. Using buffer overflows in the USB stack was how the PlayStation got breached, after all.

And we all know that USB sticks (or, rather their flash chips) can be reprogrammed at will. USBest, I'm looking at you. (See also flashboot.ru, the stuff you can do with these tools is amazing.)
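As an added example (not code from any commenter here), this is the kind of bounds-checked walk over the descriptor list a host-side USB stack needs when the device controls every length field; the sample descriptor bytes and the `count_endpoints_patched` helper are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define USB_DT_CONFIG   0x02   /* descriptor type codes, USB 2.0 spec */
#define USB_DT_ENDPOINT 0x05

/* Constructed configuration descriptor for a 2-endpoint mass-storage
 * device; this is what a stick returns to GET_DESCRIPTOR(CONFIGURATION). */
static const uint8_t good_config[] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32, /* config, wTotalLength=32 */
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00, /* interface: mass storage */
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,             /* bulk IN endpoint  */
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,             /* bulk OUT endpoint */
};

/* Walk the descriptor list and count endpoints. Every length the device
 * controls (wTotalLength, each bLength) is checked against the bytes that
 * actually arrived before it is used. Returns -1 on a malformed blob. */
int count_endpoints(const uint8_t *buf, size_t len)
{
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return -1;                              /* incomplete config header */
    size_t total = buf[2] | ((size_t)buf[3] << 8);
    if (total > len)
        total = len;                            /* device claims more than we received */
    int endpoints = 0;
    for (size_t off = 9; off < total; ) {
        if (total - off < 2)
            return -1;                          /* no room for bLength/bDescriptorType */
        uint8_t blen = buf[off], type = buf[off + 1];
        if (blen < 2 || blen > total - off)
            return -1;                          /* zero length (endless loop) or overrun */
        if (type == USB_DT_ENDPOINT) {
            if (blen < 7)
                return -1;                      /* endpoint descriptor is 7 bytes */
            endpoints++;
        }
        off += blen;
    }
    return endpoints;
}

/* Copy the sample, overwrite one byte the way a hostile stick could, parse. */
int count_endpoints_patched(size_t idx, uint8_t val)
{
    uint8_t copy[sizeof good_config];
    memcpy(copy, good_config, sizeof copy);
    copy[idx] = val;
    return count_endpoints(copy, sizeof copy);
}
```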


If this malware is actually real then exploiting a large variety of different USB stacks (whether it's done via the BIOS or OS stack) seems implausible. Maybe the flashed USB stick either:

1) Hides a bootloader on the device that runs at reboot (assuming the BIOS allows it).

2) Pretends to be some kind of device (that most OSes have stock drivers for) that allows it to access main memory. Maybe it pretends to be a USB to FireWire bridge (or something similar that gives it DMA).


Oh, it's just three or four USB stacks you have to mess up: 1) Windows (hey, they've found bugs exploitable in every Windows from 95/98 up to 7!), 2) Linux, 3/4) Phoenix/Award BIOS.

Assuming a government is the adversary (and we ALL know that the NSA sits on a very comprehensive list of exploits!), then this part is actually the easiest.


It's not just four stacks (or more, because the article also mentions Apple Macs and BSD) that you have to "mess up". You also have to mess them up in such a way that you can exploit them without a disk even being mounted. That four/five/six stacks are all exploitable to this extent because of buffer overruns (or similar) seems implausible.


If that's the suspicion, then use an exotic platform to dump whatever the drive is doing. I know a guy who got USB mass storage devices working from a Zilog Z80 based calculator. I doubt an arbitrary USB malware is going to be clever enough to effectively subvert an arbitrary homemade USB stack on a (these days) obscure arch.



