IT security company Panda has announced that 25% of the new worms in 2010 were designed to be spread via USB device.
What does this mean?
A growing number of computer infections are taking place via USB devices such as thumb drives, external hard drives, mobile phones, portable music players, etc. These infections take place silently when the device is plugged into the computer via the autorun process in Windows. While computer worms are still mainly spread via email, this report indicates that a newer method for spreading malware is gaining significant momentum and once again gives us cause to remain vigilant when it comes to computer security. Of course, before you can get infected by a USB device, that device first has to be infected somewhere else which means this is something that is much less likely to come from your phone or mp3 player (unless you loan it to someone) than it is from an external hard drive or thumb drive.
What should I do?
First, never trust a foreign device. If you don’t know the origins of the device, consider it hostile. USB thumb drives are extremely cheap these days. So cheap that many are given away as schwag at trade shows and expos. How easy would it be for a bad guy to accumulate a bunch of these, infect them, then ‘lose them’ outside of targeted businesses or homes? When an unassuming employee comes along, they pick it up, plug it in, and suddenly there’s a corporate infection for the IT department to deal with. If this is an as of yet unidentified piece of malware, a considerable amount of damage could be done by the time it is found out. If you find a USB drive, throw it away or hand it in to your IT department. If you absolutely must know what is on it, boot up from an Ubuntu Live CD and check it out. That will keep you from getting the infection. If you are in an environment that requires you to swap flash drives with people, downloading the free USB Vaccine from Panda is a good move. This will disable the autorun feature for USB devices in Windows. Just be warned, it will stop the autorn feature from working with external CD drives as well. But, if you are in an environment that uses flash drives, it’s worth the inconvenience. Of course, following these steps is essential as well. Above all, be vigilant. If for instance, you loan the compact flash card from your camera to someone, it could come back with malware on it. When you plug your camera back into your computer, you’ve got it. Treat every USB device like it’s a flash drive. Treat every flash drive that’s been out of your possession as suspect.