Now that consumers have gotten savvier about monitoring their computers for malware (malicious software) spread via email and software downloads, hackers are increasingly using alternate methods to spread their malicious code.
A new report released by PandaLabs reveals that 25 percent of malware that has been discovered so far this year has been programmed to spread through the use of USB devices connected to computers. Affected devices include any type of USB device that contains flash memory storage including memory sticks, external hard drives, cell phones, digital cameras, and personal media players.
The vulnerability occurs when someone alters the Autorun.inf files on such devices with commands that enable malware to run when the device is plugged into a computer. The infection would then spread silently to the computer and any other USB device that was subsequently plugged into the machine.
In a survey of small businesses, PandaLabs discovered that 48 percent had been victims of malware in the past year. Of those businesses infected, 27 percent were able to verify that a compromised USB device was at the root of the issue.
Even the United States military has been victim to one such USB worm attack. The Washington Post revealed last week that a hacked USB drive was the source of a 2008 security breach that exposed data on Central Command computer systems. This is the first on-the-record disclosure by Pentagon officials that confirms classified data was accessible to foreign intelligence because of the breach.
The best way to prevent the spread of USB-transmitted malware is to disable autorun functionality. While there are ways to disable autorun features within Windows operating systems, Panda Security has released a free utility which disables autorun utilities on both the computer as well as on connected USB devices.
While I’m not surprised that these types of infections are on the increase, I am quite shocked that the US military computer systems had fewer safeguards enabled against such attacks than the major corporation that I used to work for. Many companies have instituted policies prohibiting employees from connecting personal devices to their work computers. Some have even disabled USB functionality completely.
Have you been the victim of malware that spread through a USB storage device? If so, please share your story in the comments.
