USB Stick found in parking lot
Someone finds a USB stick in the parking lot.
He plugs it into his new Mac (with our modified system).
We assume here that the stick was ‘lost’ by someone planning that the stick might be inserted into an old system.
A window pops up and says:
You have inserted a USB stick.
It seems to follow the protocol expected of an external disk with a file system whose top folder has the standard application wanting to be launched.
I have launched it.
It wants to see the contents of the root directory.
What shall we show it?
Several options are provided.
All are fake.
The mysterious code is allowed no actions that have effects, except perhaps creating files that are visible only to it and the user.
In particular the program is allowed to write to the file system on the stick, but not really.
A virtual stick is created and writes go to that, not the real stick.
There is no “real root directory” to show the mysterious program.
Indeed the messages described here are from a program that lacks access to anything like the real root directory.
The above is a short path thru a broad swath of possibilities.
They describe the tools of an engineer whose job it is to reverse engineer malware.
None of this software is in the security reliance set.
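The virtual stick described above, sketched as an added example that is not code from the original page: reads fall through to the stick's contents, writes and deletes land in an overlay, and a request for the host's root directory gets only the decoy the user picked. The class name, method names and the in-memory dictionary model are assumptions made for illustration.

```python
from types import MappingProxyType

_DELETED = object()  # whiteout: path removed in the overlay only


class VirtualStick:
    """Copy-on-write view of a stick; the real contents are never modified."""

    def __init__(self, real_files, decoy_root):
        # real_files: path -> bytes as read from the stick (supplied by caller)
        # decoy_root: the fake host root listing the user chose to show
        self._real = MappingProxyType(dict(real_files))  # read-only view
        self._overlay = {}                               # all writes land here
        self._decoy_root = tuple(decoy_root)

    def read(self, path):
        data = self._overlay.get(path, self._real.get(path, _DELETED))
        if data is _DELETED:
            raise FileNotFoundError(path)
        return data

    def write(self, path, data):
        self._overlay[path] = bytes(data)

    def delete(self, path):
        self.read(path)                 # raises if the program cannot see it
        self._overlay[path] = _DELETED

    def listdir(self):
        names = set(self._real) | set(self._overlay)
        return sorted(n for n in names if self._overlay.get(n) is not _DELETED)

    def host_root(self):
        # The program never reaches a real root directory, only the decoy.
        return list(self._decoy_root)

    def real_contents(self):
        return dict(self._real)

    def changes(self):
        # Report for the user: what the program tried to do to the stick.
        kinds = {}
        for path, data in self._overlay.items():
            if data is _DELETED:
                kinds[path] = "deleted"
            else:
                kinds[path] = "modified" if path in self._real else "created"
        return kinds
```

The changes() report is what the reverse engineer reads afterwards: every write the program believed it made, with the stick itself unchanged.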