AUGUST 2012: USB flash drives (or thumb drives) have never been the pinnacle of security but the problem is getting worse for tech-loving frogs worldwide. New and clever malware code is circumventing the usual routes to get at your data. This means each time you pop a drive into your USB port, you could be getting — and later spreading — a new virus. Yikes.
Here’s what’s going on and what you can do about it:
The growing trend is a combination of sophisticated code and unsophisticated users. It’s estimated that 12-17% of all malware is spread though infected USB drives. And a whopping 66% of USB drives are probably infected.
A piece of malware called INF/autorun, for example, installs automatically (behind the scenes) from USB drives onto computers. Hence the “autorun” part of its name. And like most malware today, it got on the thumb drive automatically, too. The latest malware code copies itself onto every thumb drive it recognizes. How convenient! It’s an easy way to spread its nasty self from computer to computer without having to convince users to click on a link or open an infected file.
Another example is called Flame, a spying malware, which can copy data from computers that are not connected to the Internet and store the stolen information in hidden files on the thumb drive until it detects an Internet connection again. Even months later, it will upload the stolen data to a secret server in the sky.
How many thumb drives are currently infected? Most of them! The antivirus firm Sophos looked at three bags of thumb drives lost by train commuters in Australia and found two-thirds were infected with at least one strain of malware. Plus they were loaded with personal information, including photos, passwords and other tasty tidbits. Thumb drives are ultra convenient but also ultra risky because we lose them like crazy.
Malware writers absolutely love sloppy, absent-minded users. Thwart their dastardly efforts by:
1. Turning off AutoRun (all Windows operating systems) and AutoPlay (Windows 7)
2. Update your antivirus software (seriously, do this right now) and run it with your USB drive plugged in
3. Use the built-in security features on your thumb drive
Most thumb drive malware is stoppable! Check out this article from US Cert and this one from InforWorld for additional information.