Wednesday, July 11, 2012

Dangers of Plugging a Lost USB Flash Drive into Your PC

USB Flash DriveWhat would you do if you found a USB flash drive in your company parking lot?

Would you turn it in to a receptionist – or possibly lost & found – in hopes that it somehow finds its way back to its original owner? Or would you let curiosity get the best of you by rummaging through the files first?

Anyone that opted to do the latter would learn first-hand that curiosity not only killed the cat, but lead to a computer infection as well.

When an employee at DSM, a multinational chemical company based in the Netherlands, stumbled upon a lonesome USB flash drive in the business parking lot, they took a pass on taking a peek and turned it into the IT department.

This decision turned out to be a very good one, considering the IT staff discovered that the thumb drive contained spyware configured to steal usernames and passwords and relay them to a command & control server.

As a result, a warning was quickly issued, any other “lost” USB flash drives were collected, and the company completely shut the door on any possibility of the bad guys nabbing login credentials by blocking the IP addresses of the command & control servers that the malware communicated with.

Although this particular malware attack was unsuccessful, it serves as a reminder that users should be cautious when plugging removable storage devices to their computers. Even if the flash drive was indeed lost, there’s still a very good chance it has malware on it anyway.

To minimize the possibility of having their computers infected with malware lurking on a USB flash drive, it's recommended that users:

  • Disable Autorun in Windows.

  • Scan the devices with your antivirus software – regardless of what operating system you use.

  • Open the USB drive with a virtual machine.


Image Credit: Peter Hosey

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment