USBdumper runs silently as a background process once started and copies the complete contents of every connected usb device to the system without the knowledge of the user. It creates a directory with the current date and begins the background copying process. The user has no indication that the files stored on the USB device are copied from the USB to the local system.
The only indication to find out is to find the process listed in the Windows Task Manager or a third party process manager, or to accidentally stumble upon the directory the files are copied to.
The program itself is listed in the Task Manager but you would still have to investigate further to find out what it is doing and that requires sophisticated programs that monitor the system so that you can check out all the activities and events that happen on it.
Just imagine this tool running on a public computer with no access to the task manager or a software like Process Explorer. You would not know that the files are copied. What could you do to protect against this program? You could encrypt your data, if you use a tool like True Crypt for example. Even if the files are copied they are useless unless the "attacker" knows your passphrase. That is of course, unless you decide to mount the encrypted container to make the files accessible on the PC.
The files are automatically stored in the directory the program is started in. Depending on the size of the drives that get connected to the PC, enough storage space needs to be available on the drive the program is executed from.
The program can obviously be used for other than malicious purposes, for instance to automatically backup the data on USB flash drives that are connected to the PC without having to worry about that at all.
It has a very low memory threshold and should not have any impact on the performance of the operating system while it is running. While initially designed for Windows XP, it appears to work fine under newer versions of Windows as well.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.