Beware of Lost and Found USB Flash Drives, They're Brimming with Malware, Sophos Says


Top 10 Contributor
Posts 26,394
Points 1,192,615
Joined: Sep 2007
Forums Administrator
News Posted: Wed, Dec 7 2011 3:46 PM
If you should happen to run across a USB flash drive on the subway, you may want to leave it there, assuming you weren't planning to take it to lost and found to begin with. There's a good chance it's infected with malware, and that doesn't just apply to USB keys you find on the ground, but ones you buy at auction, too.

Security firm Sophos said it studied 50 USB keys bought at a major transit authority's Lost Property auction, and of those 50, two-thirds were infected with malware. That's bad news for the buyer, and the previous owner doesn't get off scot-free either. The study also revealed that drives were filled with information about many of the former owners, including their family, friends, and colleagues.


"We found 62 infected files in total. The worst key contained six infected files, representing four separate items of malware," Sophos said in a blog post. "We didn't find any OS X malware. But nine of the keys appeared to belong to Macintosh owners (or at least had been used extensively on Macs); seven of these were infected.

"In other words, if you're a Windows user, don't assume that you can automatically trust everything that comes from your Apple-loving friends. And even if you're one of those Mac users who is opposed to the concept of anti-virus software, consider softening your stance as a service to the community as a whole."

Another fun tidbit: none of the 50 USB keys were encrypted, though none contained any "smoking guns," like insider trading tips, credit card dumps, criminal plots, etc. There were, however, files containing tax deductions, minutes of an activists' meeting, photo albums of family and friends, software and web source code, and other information you typically wouldn't want to go around sharing willy-nilly.
Top 200 Contributor
Posts 385
Points 3,845
Joined: Jun 2011

Use a Linux system to format it. Problem solved.

Top 150 Contributor
Posts 509
Points 3,965
Joined: Oct 2010
Location: HOLLAND!!!!

My rule when approaching any wild storage drive: nuke first, ask questions later. Curiosity gets you a virus.

CPU: e6400 @ 3.2 (H-50'd)
MB: MSI p6n
RAM: 4G adata
GPU: GTS-450 and 8800GTS for Physx
HDD: WD 500G Black
PSU: 620W Corsair  Mod.
Case: 900-2 with 7 cathodes and AP-15s
OS: W7 and Ubuntu

Top 25 Contributor
Posts 3,795
Points 40,670
Joined: Jan 2010
Location: New York

Ya, always wipe before using. :D I haven't found one USB lying around yet :)

Top 100 Contributor
Posts 997
Points 14,405
Joined: Nov 2009
Location: Ontario
Manduh replied on Wed, Dec 7 2011 7:08 PM

LoL at the data found, I wonder how many nudes were found on them :p

Anyway my NOD32 always scans any USB device as soon as it's plugged in, clean away NOD!

Not Ranked
Posts 84
Points 960
Joined: Jul 2010
Location: Canada

Thanks for pointing this out... Earlier this year I found like 10~ USBs at my school and I'm not sure if they have viruses because I never plugged them in yet.

Now I'll be cautious and plug them into my friend's laptop first before plugging them into mine ;) lol jk

Top 10 Contributor
Posts 6,374
Points 80,315
Joined: Nov 2004
Location: United States, Arizona
Moderator

Ha! That's exactly what I was thinking, Manduh... lol

"Never trust a computer you can't throw out a window."

2700K

Z77 GIGABYTE G1.SNIPER

GIGABYTE GTX670

G.Skill Ripjaws X 16gb PC2133

Antec P280

Corsair H100

Asus Blu-ray burner

Seasonic X650 PSU

Patriot Pyro 128gb SSD

Top 50 Contributor
Posts 2,865
Points 29,645
Joined: Mar 2011
Location: United States, Connecticut

Also haven't found any USB keys, but I have enough systems at my disposal that I can wipe any drives first before attempting to use them lol. Agree an Ubuntu live CD is great for handling stuff like this.

Not Ranked
Posts 2
Points 40
Joined: Nov 2011

And then have the problem of having a Linux system on your computer that can't do anything actually productive.

Top 150 Contributor
Posts 501
Points 4,625
Joined: Dec 2011
Location: centennial park az

This is a little bit shocking, but I have never had a very large need for a USB port. Those grenades look sweet though and I may have to get one, but sounds like I'll be buying new for sure, not used.

What I wonder is whether getting malware from a flash drive is worse than getting it from the internet, and if one is harder for your antivirus to find and remove?

Top 150 Contributor
Posts 501
Points 4,625
Joined: Dec 2011
Location: centennial park az

Now you're being rude. Linux is incredible with all sorts of productivity. The most productive years of my life were surfing through all the illegal programs I got from the BitTorrent pre-downloaded on my Linux computer: Adobe Photoshop, Rosetta Stone, every movie ever, ... etc.

Not Ranked
Posts 84
Points 960
Joined: Jul 2010
Location: Canada

A virus is a virus... they all are dangerous :(

Not sure if the virus will stream into my system as soon as I plug the USB in, or if there's a specific program that I must click on to enable it?

Not Ranked
Posts 33
Points 270
Joined: Jul 2011
OmniDeus replied on Fri, Dec 9 2011 12:12 AM

You could also always get Deep Freeze and never have to worry about an infection again. Oh, new virus out that hasn't got a fix yet? Reset -- fixed.

Not Ranked
Posts 33
Points 270
Joined: Jul 2011
OmniDeus replied on Fri, Dec 9 2011 12:14 AM

Some earlier versions of Windows actually autostart some features on U3-enabled devices. For example, SanDisk had some software that was installed on most of their U3 drives that would run as soon as you inserted the stick. This was a horrible security flaw in the Windows system, and was finally removed in one of the last major updates to Windows 7.
