Another reason to avoid 'found' thumb drives

Some people find these and put them in their PCs. Amazing, we know.

The Bad Guys have found a new way to steal your data. Over the years there have been cases where malware-laden USB thumb drives have been deliberately left in corporate car parks in the hope that employees will pick them up and plug them into their computers.

These attacks have generally used fairly standard approaches such as Autorun files, which have since been largely mitigated by changes to Windows and by the widespread use of security software.

But security vendor ESET says it has discovered a new type of malware in the wild that is being spread via USB storage devices. Worryingly, it leaves no traces on the affected computer, so it won't be detected by routine scans.

The malware - dubbed 'USB Thief' - steals data by hooking into the 'portable' versions of applications such as Firefox that can be run from a USB drive without being explicitly installed on the computer, the company said. It also attempts to bypass security software.

"It seems that this malware was created for targeted attacks on systems isolated from the internet," according to ESET malware analyst Tomáš Gardoň.

The malware is 'keyed' to the specific USB drive, so it sounds as if there's little chance of it spreading accidentally. Or, for that matter, deliberately by someone that has got hold of a sample.

But now word of USB Thief has got out, it is arguably less valuable for going after specific high-value corporate targets, as such organisations are likely to ensure their systems are protected against it. Consequently it may crop up more widely, though still selectively given its relatively high cost of distribution. Small businesses with large customers could be worth targeting.

So look a gift (Trojan) horse in the mouth when it comes to a found USB storage device, and resist the temptation to plug it in to see if there are any interesting files... err... to see if there's any information on it that might help you return it to the rightful owner. And check with your security software vendor that it provides detection for this threat.

Copyright © BIT (Business IT). All rights reserved.