We’ve talked about infections many times, at our location, in our newsletters, and here on this blog. But you might be asking yourself, just how do real infections act in the real world, without being filtered through a maze of possibilities and opinions that each infection seems to have.
Part 6: The Infected USB Device
What Is the Infected USB Device?
Think about how many USB storage devices you use in a day. Perhaps a flash drive for your homework assignments. Maybe an external hard drive to store your business’ accounting files. Regardless of what you use them for, external storage devices can be and sometimes are infected with malicious software, and many people do not scan their external USB devices for infections before accessing the files on there, and this is after they’ve plugged them into who knows how many different computers.
The Real Life Example
A study by the U.S. Department of Homeland Security discovered in 2011 that the biggest risk from removable storage devices (usually USB devices) was poor decision-making by users. The report found that government employees showed carelessness when using these devices when they were left out in parking garages and offices. Of those that were picked up, 60% of them were plugged into their computer without verifying their authenticity, and that jumped up to 90% when the devices has their department’s logo on them.
How Do I Protect Myself?
Never assume a USB device is clean, even when it ships from the factory. There have been some incidents where good vendors had unknowingly sold contaminated devices, from smartphones to cameras to memory sticks.
If your protection software has the option to scan a device as soon as it is plugged in, enable that feature. It can be a pain in the neck if you’re doing a lot of data transfers throughout the day, but it could save you even more pain if it keeps you from installing an infected file on your computer. If your software does not have an automatic option, open the security software and scan the USB device before opening any contents of the device.
Computer Works would like to thank Sophos for information used to write this article.
Now that our series on Infections in the Real World is complete, tell us what you think? Is there anything else you can think of that we’ve missed?