
25% of Worms Spread Via USB

CmdrTaco posted about 4 years ago | from the to-your-mom dept.

Security 190

An anonymous reader writes "In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer."

190 comments

No, really? (3, Insightful)

oodaloop (1229816) | about 4 years ago | (#33381046)

Since pretty much everything is connected with USB these days, is this any kind of surprise? Were there any worms spread using a serial port?

Surprise? (5, Insightful)

Joce640k (829181) | about 4 years ago | (#33381086)

It's only going to surprise people who thought nobody would be stupid enough to enable autorun by default in a consumer OS.

Re:Surprise? (2, Insightful)

Jedi Alec (258881) | about 4 years ago | (#33381290)

Honestly, that has been annoying the crap out of me since the very first release of Windows 95. How *anyone* could think that is a good idea continues to baffle me.

Then again, turning it off for all possible devices and situations is very satisfying :)

Re:Surprise? (3, Insightful)

Darkness404 (1287218) | about 4 years ago | (#33381342)

Remember the days of DOS and having to try to walk someone through installing something through DOS (with a CLI mind you) and how many people couldn't just type the drive right? Misspelled Install every single time, etc?

Yeah, autorun might be a security nightmare, but it's a lot nicer for anyone who has had to do tech support with clueless users.

Re:Surprise? (4, Funny)

oodaloop (1229816) | about 4 years ago | (#33381442)

Oh, whoops! Was I standing on your lawn? Sorry 'bout that.

Re:Surprise? (2, Interesting)

Jedi Alec (258881) | about 4 years ago | (#33381560)

Oh, I do remember the days of DOS. I also remember that anyone too retarded to use a combination of dir and cd almost by definition did not get to touch a computer.

As for autorun being good for tech-support, I wonder how many calls could have been *prevented* by disabling it. And I've had my share of calls as well, so I know the drill ;-)

Re:Surprise? (1)

hedwards (940851) | about 4 years ago | (#33381984)

Indeed, the manual for DOS being larger than the Bible probably didn't hurt either. One of the nice things about Macs at that point in time was that they'd require you to unmount the disk before ejecting it. Granted you did have the paperclip option, but it was generally only used for emergencies.

Whereas with DOS you had to be somewhat careful about taking disks in and out to avoid filesystem corruption.

Re:Surprise? (0)

jedidiah (1196) | about 4 years ago | (#33381634)

> Remember the days of DOS and having to try to walk someone through installing something
> through DOS (with a CLI mind you) and how many people couldn't just type the drive right?
> Misspelled Install every single time, etc?
>
> Yeah, autorun might be a security nightmare, but it's a lot nicer for anyone who has had to do tech support with clueless users.

If you can't poke around a disk with a GUI and find the thing that says "RUN ME", you really shouldn't be using a computer.

Stick to TVs and whatnot.

Re:Surprise? (3, Insightful)

Jimmy King (828214) | about 4 years ago | (#33382050)

While I agree with you, this is unfortunately not the way the world works. It was more profitable to insist that everyone needs computers and that they are easy to use and require no training or knowledge and would just work.

So now we've got a few people who can't and never would be able to manage that who have computers and use them daily. Then we have a bunch more people who could manage that, except marketing (and even some IT pros that seem to give advice based on what would be ideal rather than what actually is) has told them that it just works and they don't need to have a clue what's actually happening or how to do anything because it will all just happen for them. So now, even though they could learn how it works and how to do things, they don't and are convinced they shouldn't have to and get upset when something doesn't just work, trouble and risk free.

The best solution, of course, would be to get it through to people that computers are actually not simple and are very complex and require some level of understanding and research to use effectively and safely. That's a lot easier said than done, though, since no one wants to hear our opinion on the situation. The ones that do want to hear it likely don't need us to tell them.

Re:Surprise? (5, Interesting)

DavidTC (10147) | about 4 years ago | (#33381900)

Yes, but an equally useful thing would have simply been a 'Install program' menu item, that, when launched, looks on all removable media for autorun.inf files or whatever, and presents their devices, names, and icons in a little list where you pick one.

Automatically running it was just stupid. You can automate systems but still put a menu item to start the process.

Hell, in some cases, that would result in fewer steps. We've all had to walk someone through an install progress, and ended up first having to uninstall something else or update a driver and then reboot...at which point, to get autorun to work, they have to eject the damn CD and put it back in.

Re:Surprise? (1)

Joce640k (829181) | about 4 years ago | (#33381930)

You're implying that tech support for people who've been infected by a virus is easier...?

Re:Surprise? (1)

hedwards (940851) | about 4 years ago | (#33381962)

This is precisely why antivirus software gives you the option to automatically scan the drives for viruses every time you insert them.

Re:Surprise? (1)

Joce640k (829181) | about 4 years ago | (#33382130)

Antivirus programs are a band-aid at best. Try running a few of the viruses that appear in your inbox every day*, it usually takes about a week for the antivirus vendors to catch up and detect them, if ever.

* Preferably in a virtual machine...

Re:No, really? (3, Interesting)

Anonymous Coward | about 4 years ago | (#33381212)

> Were there any worms spread using a serial port?

heh. oddly enough... [thedailywtf.com]

Re:No, really? (1)

m50d (797211) | about 4 years ago | (#33381240)

It surprises me, considering how slow sneakernet is compared to the internet.

Re:No, really? (1)

hedwards (940851) | about 4 years ago | (#33382002)

Depends how much data. It's faster for me to take a USB HDD across town than it is to try and send 100gb of data over the wire, but for a couple MB of data, it's usually quicker to send it over the net, even if it does end up going around the world.

Re:No, really? (4, Informative)

TheRaven64 (641858) | about 4 years ago | (#33381404)

I don't remember any worms spreading automatically via serial port. It would have been difficult, because there weren't many peripherals that had internal storage space and connected via RS-232, and computers connected with a null-modem cable typically had to run some custom software for file transfer.

I do, however, remember a lot of worms spreading via floppy disks. Boot sector viruses were especially common in the DOS days. If you left a floppy in the drive, the BIOS would try to boot from it the next time you turned your computer on. It was quite common for a worm to install itself on the boot sector of any inserted floppy so that when you booted from that floppy it installed itself on the hard drive and then printed a 'please eject floppy and reboot' type error. You'd eject the floppy and reboot, and the machine would start normally, only now you'd be infected.

Since USB drives have replaced floppy disks for offline file transfer, it's not surprising that this is a common attack vector.

Re:No, really? (2, Funny)

HiThere (15173) | about 4 years ago | (#33381988)

Well ... modems used to connect over the serial port. I seem to remember a few viruses that spread that way.

Re:No, really? (2, Funny)

operagost (62405) | about 4 years ago | (#33381496)

None that I know of, but today's USB drive is yesterday's floppy.

Re:No, really? (1)

JohannesJ (952576) | about 4 years ago | (#33381520)

Serial ports are I/O as well, but in their day, the devices to which they connected were not memory and didn't have any file or program/disk structure and no automatic execute me when plugged in notion like USB.

Remind me (1)

Runaway1956 (1322357) | about 4 years ago | (#33382096)

I shouldn't be plugging the dog or the cat into the USB port.

Re:No, really? (0)

Anonymous Coward | about 4 years ago | (#33382180)

Well, twelve score and 19 years ago when we all wore onions on our belts, since that was the fashion at the time, most early viruses spread by floppy disk passing. Same situation, just different media. Hardly a surprise or anything new to anyone who has been involved with computing for more than a few years.

Which is why all these dang companies should pay experienced people what they're worth! :)

Big surprise (2, Interesting)

betterunixthanunix (980855) | about 4 years ago | (#33381058)

Hm, software vendors put enormous effort into preventing attacks over the Internet. Did anyone really think that virus writers were not going to find new attack vectors?

Re:Big surprise (4, Insightful)

gstoddart (321705) | about 4 years ago | (#33381384)

> Hm, software vendors put enormous effort into preventing attacks over the Internet. Did anyone really think that virus writers were not going to find new attack vectors?

How is this a "new" attack vector?

Microsoft has had auto-run on things like CDs and USB drives for years, and you usually need to turn it off. Otherwise, it would happily run any old shit you plug in without even asking.

When I plug my iPad into my Vista box, the auto-run dialog comes up and asks me if I want to either download pictures or open it like a file storage. There is no "do nothing" option, which I find kind of amusing, since I've usually turned off auto-run for everything.

I'm not even remotely surprised that USB is a popular attack vector -- they're the new floppies. Microsoft has defaulted to "easy" mode (run everything), which also happens to be the most trusting and dangerous mode you could get. I think this was kind of inevitable.

Re:Big surprise (2, Insightful)

gad_zuki! (70830) | about 4 years ago | (#33381516)

>There is no "do nothing" option, which I find kind of amusing, since I've usually turned off auto-run for everything.

That's not what people call autorun, especially in the context of USB viruses. Autorun means when the OS just launches the .exe listed in the autorun.inf file automatically. That's how this stuff spreads. Vista and 7 no longer support this and throw a "What would you like to do" screen, which is fine by me.

Re:Big surprise (2, Informative)

AndrewNeo (979708) | about 4 years ago | (#33381610)

Er. The last version of Windows that "ran everything" was XP. Just because the dialog comes up in Vista or 7 does NOT mean that the actual autorun application is being executed. The dialog you see is for user convenience, and still has a link to the autorun application, but does not do it on its own anymore. When you plug your iPad in, the "do nothing" is the X button in the corner. Nothing happens besides that dialog coming up. It would be nice if it offered iTunes in the list, though.

Re:Big surprise (1)

gstoddart (321705) | about 4 years ago | (#33381736)

> Er. The last version of Windows that "ran everything" was XP. Just because the dialog comes up in Vista or 7 does NOT mean that the actual autorun application is being executed.

That is good to know. I had explicitly gone in and turned all of it off, but I still see Windows try to respond to the new device, never sure how much to trust it.

> When you plug your iPad in, the "do nothing" is the X button in the corner. Nothing happens besides that dialog coming up. It would be nice if it offered iTunes in the list, though.

Actually, I just discovered that after Windows has seen the device, you can then separately go into the Auto Play of the control panel and then select "Do Nothing".

Re:Big surprise (1)

hedwards (940851) | about 4 years ago | (#33382022)

Indeed, the main risk there is assuming the exe is still the same as the last time or absentmindedly clicking on it because you're not paying attention.

Re:Big surprise (2, Informative)

Sockatume (732728) | about 4 years ago | (#33381746)

What you're describing isn't autorun, but the XP-and-onwards "hey, there's new storage" prompt. While they're both annoying to some degree, Autorun executed any autorun.inf in the root of the new storage without prompting, making it a useful way of spreading viruses. The prompt you're referring to doesn't.

Re:Big surprise (0)

Anonymous Coward | about 4 years ago | (#33381840)

Which raises the age-old conspiracy theory that the security companies are the ones writing the viruses in the first place.

"Oh, look at the brave fireman save the kitty from the tree!" Didn't you ever wonder who's lobbing those kitties up into the trees in the first place?

.

Hard to believe it's only that many (1)

dmmiller2k (414630) | about 4 years ago | (#33381060)

Only 25%?

Re:Hard to believe it's only that many (1)

Joce640k (829181) | about 4 years ago | (#33381126)

There's not been much point in doing it until now - it was too easy to infect machines without it.

I expect all new viruses from now on will include USB as standard (as well as all the other vectors).

personal hygiene. (1)

gavsta (749014) | about 4 years ago | (#33381074)

someone should teach people to wash their hands properly before handling them IMHO.

Re:personal hygiene. (1)

JustOK (667959) | about 4 years ago | (#33381462)

it's raining out. worms are spreading via Undulating Slimy Bodies.

Some thoughts... (1)

mcgrew (92797) | about 4 years ago | (#33381094)

The basic technique used is as follows: Windows uses the Autorun.inf file on these drives or devices to know which action to take whenever they are connected to a computer. This file, which is on the root directory of the device, offers the option to automatically run part of the content on the device when it connects to a computer.

By modifying Autorun.inf with specific commands, cyber-crooks can enable malware stored on the USB drive to run automatically when the device connects to a computer, thus immediately infecting the computer in question.

I just did a little googling, and it appears you can easily shut it off [howtogeek.com] .

From CNET: [cnet.com]

> Unlike with CDs, Autoplay on a USB flash drive will run a program immediately, no questions asked. Quoting Leo "USB Thumbdrives or flash drives are a non-obvious but easy way to spread malware." The only thing most malicious software needs is for you to run the program. The Windows Autoplay feature, for flash drives, hands this service to the bad guys on a silver platter.

Why does MS insist on lax security? Autorun should be off by default, not on. This is just plain stupid. It's not a bug, it's a design error. CNET adds that if you're running XP, TweakUI will work.

And, it looks to me like TFA is a slashvertisement. Its bottom line:

> To prevent this, Panda Security has developed Panda USB Vaccine, a free product which offers a double layer of preventive protection, disabling the AutoRun feature on computers as well as on USB drives and other devices.

At least it's free.

PS -- a little more googling shows... (4, Informative)

mcgrew (92797) | about 4 years ago | (#33381350)

If you're running Windows 7 it appears that you're ok. [samlogic.net] But what took MS so long to fix this gaping hole?

Re:PS -- a little more googling shows... (2, Insightful)

AndrewNeo (979708) | about 4 years ago | (#33381646)

To their credit they did fix it in Vista.

Re:PS -- a little more googling shows... (0)

Anonymous Coward | about 4 years ago | (#33381696)

Judging from its sales figures, nobody noticed that.

Re:PS -- a little more googling shows... (3, Informative)

VGPowerlord (621254) | about 4 years ago | (#33381852)

To their credit, they fixed this in Windows XP.

Yes, XP. Specifically, Windows XP SP2.

It no longer just runs the Autorun program, but instead gives you a dialog that asks what you want to do, with some default choices. The former Autorun command appears at the top of said list.

The only thing Windows 7 did was remove said dialog when you attach non-optical media.

Re:Some thoughts... (0)

Anonymous Coward | about 4 years ago | (#33381386)

> Why does MS insist on lax security? Autorun should be off by default, not on. This is just plain stupid. It's not a bug, it's a design error

It's intended to simplify the computing experience for new users. e.g. "Insert CD in and the software will install by itself". Or "Just insert the CD to view the wedding pictures/movie/etc". While it does have legitimate reasons to exist, I agree that it should be off by default.

"D:\Setup.exe" (1)

DocSavage64109 (799754) | about 4 years ago | (#33381506)

Like the parent said. Remember in the old days, you'd have instructions like "Insert disk, click start->run, type "D:\setup.exe", press enter". Anyone who had more than one cd-rom drive or hd would have to work out for themselves what drive letter they should type -- that's assuming they even knew what a drive letter was!

Re:"D:\Setup.exe" (2, Insightful)

jedidiah (1196) | about 4 years ago | (#33381682)

Fortunately, this thing called the GUI that was introduced to the world in 1984 solved most of those problems.

No need to search for the disk.
Searching for something to run is pretty straightforward.

Knowing what a program looks like in a GUI will probably be declared a "burden" by some. However, you can't completely abdicate responsibility for a sophisticated tool without severe consequences.

Sooner or later, something like Email Phishing will require the end user to plug their brain back in.

Re:"D:\Setup.exe" (1)

DocSavage64109 (799754) | about 4 years ago | (#33382020)

Ok, you type out your GUI steps to install a cd without autorun that work on w95-xp that hopefully all users can follow.

Re:"D:\Setup.exe" (1)

Joce640k (829181) | about 4 years ago | (#33382182)

A decent OS would have made it easy to do.

If it's not easy to do in Windows then it's a problem with the design of Windows. Why can't windows detect a 'software installation' CD (or USB stick) and say "Do you want to install program XXX from the CD?".

Autorun was a dismal idea, the current system isn't any better (the annoying/confusing popup dialog which asks you what to do).

Re:"D:\Setup.exe" (1)

Joce640k (829181) | about 4 years ago | (#33382012)

That could have been solved with an OS prompt which said something like, eg. "Do you want to install program XXX from the CD you just inserted?"

Simply running whatever code is on the USB drive is braindead. There were viruses at least 15 years before Windows XP, anybody with half a brain should have been able to see what was coming.

Still, this is the company which gave us autorun emails ... USB is a minor peccadillo compared to that.

Re:Some thoughts... (1)

countertrolling (1585477) | about 4 years ago | (#33381396)

> At least it's free.

So is AntiVir :-) For some reason I don't trust Panda

But you know what really sucks? There's no real, physical write protection on these USB sticks, so there's no way for me to protect it from an infected machine. Every time I come home from a job, I have to clean the damn thing.

Re:Some thoughts... (1)

kainosnous (1753770) | about 4 years ago | (#33381508)

> Why does MS insist on lax security? Autorun should be off by default, not on. This is just plain stupid. It's not a bug, it's a design error.

It's not a bug, it's a MS-feature. There is a trade-off to be made when it comes to security and usability. The two share an inverse relationship. Windows chooses usability even at the cost of security. Sure, they could turn off autorun by default. They don't so that any user can put in a disk or USB drive and expect something to happen specific to the content on that device. Would users still be able to figure out that they can click on that CD icon-thingy? probably. However, MS can sell it as a feature boasting about how easy it is to use. It's more of that mentality which gives you "I can just put a picture in that folder and it's instantly available to everybody on the block! Windows 7 was my idea!"

Personally, I think of this sort of thing as a huge mis-feature. However, this has also given them the largest part of the computer market and makes people believe that Linux is just for hackers. They've done a great job of making people think that viruses are just a natural part of computing anyway, and then they can sell more software to clean up those viruses. It baffles me how such a decision works, but the cold hard truth is that it has worked quite well.

</anti_windows_rant>

Re:Some thoughts... (1)

AndrewNeo (979708) | about 4 years ago | (#33381628)

Autorun has been off by default since Vista.

Re:Some thoughts... (1)

camperdave (969942) | about 4 years ago | (#33382028)

> Autorun has been off by default since Vista.

Which doesn't help in the corporate or education sectors, because the powers that be *ABSOLUTELY WILL NOT* switch from XP with IE6.

Business opportunity.. (1)

al3k (1638719) | about 4 years ago | (#33381116)

Trojan Hacker edition significantly lowers the chance of UTD's (usb transmitted diseases)

I could never get it to work (1)

bluefoxlucid (723572) | about 4 years ago | (#33381122)

Windows has always refused to autorun USB devices for me. CDs I had to stab it repeatedly in the face to get left alone, but USB drives I put considerable effort into and all I got was this stupid pop-up dialog "WHAT DO YOU WANT TO DO? VIEW PICTURES?"

Use VOTiVO (1)

JimWise (1804930) | about 4 years ago | (#33381142)

That is why I spray all of my USB ports with VOTiVO [slashdot.org] .

Defective by Design (0)

Anonymous Coward | about 4 years ago | (#33381148)

Autorun is ridiculous. It's about as smart as automatically eating any medication you come across.

captcha: automata

First order of business (1)

daveime (1253762) | about 4 years ago | (#33381154)

First thing I do with any USB ...

Create a directory called "autorun.inf", then attrib +R +S +H +A on it.

I've found this pretty effective, as unless the virus is running with admin privileges, it can't overwrite the directory with a file of the same name.

Also, it's easy to detect if you *do* later contract a virus, as you can verify if the autorun.inf is a directory or a file from DOS before clicking on the options popup.
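An added illustration, not part of any comment in this thread: a read-only audit of a mounted volume root that applies the two ideas discussed above, the `[autorun]` launch entries in `autorun.inf` and the check for whether `autorun.inf` is a placeholder directory or a real file. The function names and the sample file contents are constructed for this example.

```python
import os
import tempfile

# Keys in the [autorun] section that name something Windows may launch.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample: junk padding, mixed-case keys, two launch entries.
CONSTRUCTED_INF = (
    b"; constructed sample\r\n"
    b"xq7 junk line\r\n"
    b"[AutoRun]\r\n"
    b"Open=setup.exe\r\n"
    b"icon=setup.exe,0\r\n"
    b"label=Backup\r\n"
    b"shell\\open\\Command=setup.exe\r\n"
)


def decode_inf(raw):
    """UTF-16 when a BOM is present, otherwise Latin-1 (which never fails)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(raw):
    """Return (key, value) pairs in [autorun] that point at a program to run."""
    findings, in_autorun = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and "]" in line:
            in_autorun = line[1:line.index("]")].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections, or junk padding lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            findings.append((key, value))
    return findings


def audit_volume(root):
    """Classify the autorun.inf entry in a volume root.

    Returns (status, findings); status is 'absent', 'directory' (a placeholder
    folder occupying the name) or 'file'.
    """
    # Match the name case-insensitively: the stick may be mounted on Linux.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return "directory", []
    with open(path, "rb") as fh:
        return "file", launch_entries(fh.read(64 * 1024))  # cap the read


def demo():
    """Audit three constructed volume roots built in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "placeholder", "file"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "placeholder", "AUTORUN.INF"))
        with open(os.path.join(base, "file", "autorun.inf"), "wb") as fh:
            fh.write(CONSTRUCTED_INF)
        for label in ("clean", "placeholder", "file"):
            results[label] = audit_volume(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, (status, findings) in demo().items():
        print(label, status, findings)
```

A stick that previously reported `directory` and now reports `file` with launch entries has had its placeholder replaced, which is the change the comment above suggests checking for.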

Re:First order of business (1)

Joce640k (829181) | about 4 years ago | (#33381196)

It's pretty much a given that viruses have admin privileges - how would they infect a machine if they didn't?

Re:First order of business (1)

gstoddart (321705) | about 4 years ago | (#33381422)

> It's pretty much a given that viruses have admin privileges - how would they infect a machine if they didn't?

Sadly, some of the users have disabled UAC or simply say "Yes" whenever prompted because they don't fully understand what is being asked of them.

I fear that in some of these cases, users explicitly grant the virus escalated privileges.

Floppies all over again (1)

mbone (558574) | about 4 years ago | (#33381172)

15 years ago it was floppies. I worked then at a Government installation that was found to be massively infected - by floppies. Same vector, different medium.

X2 on the autorun (1)

pablo_max (626328) | about 4 years ago | (#33381188)

Seriously, why are people so silly to leave this on.

In my company so many PCs were infected this way, with folks passing around USB keys. I think I was the only one who had autorun off and scanned every time anything USB is plugged in.
Hell, we even infected our customers because of that crap.

Re:X2 on the autorun (1)

0123456 (636235) | about 4 years ago | (#33381276)

> Seriously, why are people so silly to leave this on.

Because Microsoft make it insanely difficult to turn off? From what I remember on XP, I had to change it in the control panel, edit some registry variables and then run another program from the command line to tell it that yes, I really, really did want it disabled.

Re:X2 on the autorun (1)

TheRaven64 (641858) | about 4 years ago | (#33381444)

And even once you do that, the next service pack, or occasionally the next security update, enables it again. Or, at least, did for me with Windows 2000. I never ran newer Windows versions on my own machine, so hopefully they've fixed that stupidity since.

Re:X2 on the autorun (1)

hairyfeet (841228) | about 4 years ago | (#33381534)

Or you could just, oh I don't know, copypasta [about.com] this into a reg file and pass it around? Guys here like to bitch about Windows, but it is a hell of a lot easier just to cook up a reg file to do whatever you need than the 50 ways you have to deal with the same kinds of actions in Linux. For all the bitching about the reg it really is an easy way to manage multiple PCs, especially with being able to deal out changes with Group Policy.

Autorun is not needed to infect (1)

mysteryvortex (854738) | about 4 years ago | (#33381474)

I seem to recall being able to insert a floppy disk, type "dir a:", and get a virus under MS DOS. You probably don't need autorun turned on to get infected.

Off the top of my head, a buffer overflow in the code that reads and displays embedded icons would be a juicy target, along with the file system parsing code.

-Mysteryvortex

USB and floppies verboten (1)

commodore64_love (1445365) | about 4 years ago | (#33381208)

My former company banned both. When you inserted a floppy, the computer refused to read it. And when a USB was inserted, security showed up to scan your PC.

It was also impossible to install any software, unless it was a simple *.exe program that sat on your desktop. Anything as elaborate as firefox was impossible to install.

Re:USB and floppies verboten (0)

Anonymous Coward | about 4 years ago | (#33381274)

So if you couldn't read floppies or sticks, how did the exe get on your desktop?

Re:USB and floppies verboten (0)

Anonymous Coward | about 4 years ago | (#33381426)

Maybe you have ever heard of a thing called "the internet". It's basically a series of tubes.

Re:USB and floppies verboten (1)

gstoddart (321705) | about 4 years ago | (#33381436)

> So if you couldn't read floppies or sticks, how did the exe get on your desktop?

Right click and save from a web-page?

Re:USB and floppies verboten (1)

troll8901 (1397145) | about 4 years ago | (#33381956)

Probably developed in-house.

A company with an IT department that instantly shows up when you plug a USB drive ... is a rich company. Probably with in-house apps.

The easiest way to distribute/update apps in the company is to literally copy the EXE file onto the desktop (as vs deploying it using Active Directory).

USB worms (0)

Anonymous Coward | about 4 years ago | (#33381210)

This is a perfect example:
http://www.youtube.com/watch?v=MgS5I0mWCrQ

A weird encounter in a library one time (0)

Anonymous Coward | about 4 years ago | (#33381258)

My wife was using her laptop in the library once, and a guy came up to her and asked if he could test his USB drive in her computer. She got a weird vibe from him, so she said no. He got insistent, and she still said no. Instead of asking anyone else, or using the library's computers, he left. I've always figured he was trying to do something nefarious.

Re:A weird encounter in a library one time (0)

Anonymous Coward | about 4 years ago | (#33381550)

> I've always figured he was trying to do something nefarious.

Well, who wouldn't want to plug his USB drive into a lady's computer?

And get her potential sensitive pictures in the process after planting a trojan?

there is nothing new under the sun (3, Funny)

buddyglass (925859) | about 4 years ago | (#33381268)

Way back in the day it was infected floppy disks. Given people now use USB drives like we used to use floppy disks, it only makes sense that malware would (once again) use them as a distribution method.

Re:there is nothing new under the sun (1)

helix2301 (1105613) | about 4 years ago | (#33381812)

Yes, but on a floppy disk you could use the tab on the side to make the disk read only so the virus would not infect the disk. It's much more difficult to do that on a usb jump drive.

Re:there is nothing new under the sun (1)

CrashandDie (1114135) | about 4 years ago | (#33381884)

> It's much more difficult to do that on a usb jump drive.

When USB drives started to appear (back in the day of 64MB and 128MB being a "woah factor"), they would usually include a small switch that you could use to allow or prevent writing to the disk. I've *never* heard of anyone using it.

Low tech (1)

rnturn (11092) | about 4 years ago | (#33381292)

Wasn't Michelangelo (sp?) transmitted via infected floppy disks back in the late '80s/early '90s? SneakerNet will never really die. The media just changes.

News flash (1)

jridley (9305) | about 4 years ago | (#33381326)

Autorun is completely evil. You're an idiot if you don't disable it as soon as you unbox your computer. That is all.

Re:News flash (1)

gstoddart (321705) | about 4 years ago | (#33381514)

> Autorun is completely evil. You're an idiot if you don't disable it as soon as you unbox your computer. That is all.

I can't even blame end users for that one.

Microsoft has consistently opted to ignore security in favor of ease of shooting yourself in the foot. I lay the blame squarely at their feet for deciding to essentially run anything that they encounter and hope that it isn't malicious.

As much as we don't like to, to a lot of people the computer is an appliance. They're just not fully aware of all of this stuff.

Re:News flash (1)

AndrewNeo (979708) | about 4 years ago | (#33381668)

Or upgrade to Vista. Vista! Vista (and 7) do not autorun applications by default.

Once again Linux (1)

Murdoch5 (1563847) | about 4 years ago | (#33381346)

I agree with this 100%, the amount of times I plug my USB Stick into my Linux box and have the virus scan freak out is amazing. Then again it's always nice to know that my usb is affecting me.

Re:Once again Linux (1)

mcgrew (92797) | about 4 years ago | (#33381626)

Virus scan on a Linux box? Huh? What am I missing here?

Re:Once again Linux (0)

Anonymous Coward | about 4 years ago | (#33381950)

mixed environment, he doesn't want to be a carrier?

Re:Once again Linux (1)

Murdoch5 (1563847) | about 4 years ago | (#33381964)

I have a virus software just for when I want to scan things like USB keys and CDs before sending them to people when they're not from me, better to be sure they're not getting affected from someone else.

Re:Once again Linux (1)

mcgrew (92797) | about 4 years ago | (#33381996)

Ah, good thinking. Thank you for that.

Hardware write protection (few, but they exist) (2, Interesting)

Fencepost (107992) | about 4 years ago | (#33381432)

There are still a few USB drives out there with hardware write protect switches, but they're hard to find and you'll probably have to order online. I have what may at this point be the best listing available at http://www.fencepost.net/2010/03/usb-flash-drives-with-hardware-write-protection/ [fencepost.net] , culled from a variety of searches, message boards, and one German computer magazine (c't) which has its own listing.

In the US, the most likely drives to find in stores if you're looking are a couple of Imation models (Pivot and Clip), plus lingering supplies of the older Swivel models (the swivel isn't all that sturdy, pockets will beat it up over time). I've not seen these widely in stores, but you may find the Clip in college bookstores - I suspect that's their target for the style.

I thought USB devices were safe (1)

Robert Bowles (2733) | about 4 years ago | (#33381454)

If you get it from the store, and it's in a blister pack, they're pretty much guaranteed to be secure.

Re:I thought USB devices were safe (4, Insightful)

Ukab the Great (87152) | about 4 years ago | (#33381616)

Good News: Assuming a certain level of competence where the Windows machines formatting the drives in China were not recycled from somewhere else, had their hard drives given a clean wipe, and weren't hooked up to the Internet and used to browse Pr0n on lunch break, then yes, drives in the blister pack are secure.

Bad News: It's highly dangerous to assume a certain level of competence.

Moral Of The Story: When you buy a flash drive, immediately format it and bypass any "value-added gravy" the manufacturer tries to shove down your throat.

News Flash? (0)

Anonymous Coward | about 4 years ago | (#33381582)

25%? Seems kind of low, for a type of social engineering "exploit", the ubiquity of USB devices, ease of use vs security conundrum, etc. Now tell us the source of the malware on the device, and then we might have a story - from the factory, favorite uncle's p0rn server, etc.

It also means 75% of worms are spread via other means.

So what's the real story??

Where as... (1)

Schnoogs (1087081) | about 4 years ago | (#33381584)

the other 75% spread via my friend's mom's sexual habits.

Could a malware have more than one vector? (1)

blcss (886739) | about 4 years ago | (#33381602)

Suppose something was written to spread via both the Internet and USB autorun? The more vectors, the stronger it would be.

Re:Could a malware have more than one vector? (0)

Anonymous Coward | about 4 years ago | (#33381814)

Jeeze. Imagine the implications of this. If someone plugged that USB device into a computer that was also connected to the internet, it could spread like crazy!

Further... (0)

Anonymous Coward | about 4 years ago | (#33381694)

47.8% of all statistics are made up on the spot!

Industrial Espionage (1)

DarthVain (724186) | about 4 years ago | (#33381698)

I once heard that the easiest way to conduct industrial espionage was to make a virus that would make a back door to the security systems, load it onto a USB thumb drive, casually walk to the outside smoking area of the company building you wish to infect, have a smoke, covertly drop the USB thumb drive somewhere in the area. For extra points, take a generic thumb drive and put the company logo on the side for authenticity. 10$ says some idiot will pick it up and plug it into his system when he gets back to his office to see what is on it, or who it might belong to. Bypassing all firewalls and security (at least initially).

Now remotely connect to your heart's content and start downloading.

Re:Industrial Espionage (1)

Fantastic Lad (198284) | about 4 years ago | (#33381822)

Advice:

"Don't eat surprise food you find on the ground unless it's a strawberry and was growing there."

"Don't plug in surprise computer media you find on the ground unless you have autoplay turned off."

-FL

Re:Industrial Espionage (1)

Joce640k (829181) | about 4 years ago | (#33382046)

You don't even need to do that, just drop a few of them around the car park...

How to disable Autorun in Windows. . . (2, Informative)

Fantastic Lad (198284) | about 4 years ago | (#33381704)

Autorun is one of Microsoft's more frustrating contributions to the world.

But what is still more idiotic, is how user-unfriendly the path is to shutting it off. Microsoft's very own page on the issue...

http://support.microsoft.com/kb/967715 [microsoft.com]

-FL

The other 75%... (1)

Esvandiary (1302095) | about 4 years ago | (#33381706)

... had already died from a Concrete Donkey.

Photo kiosks are common vector (1)

hipifreq (1323407) | about 4 years ago | (#33381838)

My own experience with USB viruses was pretty thankfully not horrible, but annoying and disheartening. I brought a USB key full of pictures to a local store to have them printed, and when I got back home and put the stick in I was infected. Nothing serious, and easily detected and cleaned, but still annoying. I called the store to let them know, and asked to speak to someone in IT. After a while I talked briefly to a tech, let him know what I experienced, and suggested they turn autorun off, as it wasn't necessary. Shame on me, because two weeks later I went to print more pictures from USB, and yet again my key was infected. This time I had turned off autorun for USB (different and harder to turn off than for CD, I found) and found the infection before it spread to my desktop. Now I have what another user suggested in a directory named autorun.inf with all the flags on (system file, read-only, etc). Works for me. What I wondered about at the time is what one can do when you know of a virus vector, have informed that infected party, and they take no steps to prevent it. Are there places out there where knowing you have a virus, know you're spreading it, and don't do anything is illegal?
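An added example, not part of the comment above or of any tool it mentions: a read-only check of a mounted removable volume that reports whether its autorun.inf would launch a program, and recognizes the placeholder-directory trick the comment describes. The function names, status strings and sample text are this example's own; the sample is constructed.

```python
import os

# [autorun] keys that make Windows start a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")

def decode_inf(raw):
    # autorun.inf is usually ANSI; some are UTF-16 with a byte-order mark.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def launch_directives(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command attaches a program to a right-click menu entry.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((key, value))
    return found

def inspect_volume(root):
    """Classify autorun.inf at a volume root; reads only, runs nothing."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return ("absent", [])
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        # The read-only placeholder directory described in the comment above.
        return ("placeholder-directory", [])
    with open(path, "rb") as fh:
        hits = launch_directives(decode_inf(fh.read(65536)))
    return ("launches-program" if hits else "no-launch-keys", hits)

# Constructed sample for illustration; not taken from any real drive.
SAMPLE = ("[AutoRun]\r\n; constructed sample\r\nicon=drive.ico\r\n"
          "OPEN = setup.exe /s\r\nshell\\explore\\Command=tool.exe\r\n")

if __name__ == "__main__":
    print(launch_directives(SAMPLE))
```

Run it from a machine that does not honor autorun, pointing `inspect_volume` at the mount point of the stick.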

Re:Photo kiosks are common vector (1)

tlhIngan (30335) | about 4 years ago | (#33382030)

Are there places out there where knowing you have a virus, know you're spreading it, and don't do anything is illegal?

You could sue for negligence, as they have technically failed in their duty of care upon your telling them. Won't get much, but it could be enough to pay for a PC repair service with backup option - few hundred bucks at least.

Again no word of Microsoft or Windows (3, Interesting)

devent (1627873) | about 4 years ago | (#33381968)

I posted it already on another news about a Windows bot net. The trojan/usb infection is only on Microsoft Windows. Please mention that. I and people with Macs couldn't care less. So I just post again and again and again:

It's 25 percent of new Windows worms. Approximately 48 percent of Windows SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. Linux and MacOS SMBs are still safe and will be safe.

I would say Dell was right:

"6) Ubuntu is safer than Microsoft Windows: The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux." from http://www.theregister.co.uk/2010/06/14/dell_ubuntu_windows_security/ [theregister.co.uk]

Still allergic to identifying Windows malware (0)

Anonymous Coward | about 4 years ago | (#33381994)

Still allergic to identifying Windows malware as Windows malware, I see. It's not "computers" that are affected, it's "Windows computers."

Gotta be picky, it's Thursday after all... (1)

bagofbeans (567926) | about 4 years ago | (#33382168)

As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer.

Actually that's evidence, not proof.
