Slashdot Mirror

← Back to Stories (view on slashdot.org)

25% of Worms Spread Via USB

Posted by CmdrTaco on from the to-your-mom dept.

An anonymous reader writes "In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer."

16 of 190 comments (clear)

  1. No, really? by oodaloop · · Score: 3, Insightful

    Since pretty much everything is connected with USB these days, is this any kind of surprise? Were there any worms spread using a serial port?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    1. Re:No, really? by Anonymous Coward · · Score: 3, Interesting

      Were there any worms spread using a serial port?

      heh. oddly enough...

    2. Re:No, really? by TheRaven64 · · Score: 4, Informative

      I don't remember any worms spreading automatically via serial port. It would have been difficult, because there weren't many peripherals that had internal storage space and connected via RS-232, and computers connected with a null-modem cable typically had to run some custom software for file transfer.

      I do, however, remember a lot of worms spreading via floppy disks. Boot sector viruses were especially common in the DOS days. If you let a floppy in the drive, the BIOS would try to boot from it the next time you turned your computer on. It was quite common for a worm to install itself on the boot sector of any inserted floppy so that when you booted from that floppy it installed itself on the hard drive and then printed a 'please eject floppy and reboot' type error. You'd eject the floppy and reboot, and the machine would start normally, only now you'd be infected.

      Since USB drives have replaced floppy disks for offline file transfer, it's not surprising that this is a common attack vector.

      --
      I am TheRaven on Soylent News
    3. Re:No, really? by DrgnDancer · · Score: 3, Insightful

      As someone already pointed out, it's faster for large data transfers, but I don't think that's a majority of the problem. It's mostly just convenience. Let's say I have a presentation to give to your company. It's the same presentation I give to every company that has shown an interest in my product. I could e-mail each and every company a copy of my presentation before I show up (and hope that the person I e-mailed it to remembers to put it on the presentation machine), or I can carry it on a thumb drive. Or maybe I was working on the presentation on the flight, and didn't have Internet access to send it to you. Or I'm a tech support guy who carries a bunch of diagnostic tools around with me. There's a ton of reasons why people carry these things around, speed not a huge factor for most of them.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  2. Surprise? by Joce640k · · Score: 5, Insightful

    It's only going to surprise people who thought nobody would be stupid enough to enable autorun by default in a consumer OS.

    --
    No sig today...
    1. Re:Surprise? by Darkness404 · · Score: 3, Insightful

      Remember the days of DOS and having to try to walk someone through installing something through DOS (with a CLI mind you) and how many people couldn't just type the drive right? Misspelled Install every single time, etc?

      Yeah, autorun might be a security nightmare, but its a lot nicer for anyone who has had to do tech support with clueless users.

      --
      Taxation is legalized theft, no more, no less.
    2. Re:Surprise? by oodaloop · · Score: 4, Funny

      Oh, whoops! Was I standing on your lawn? Sorry 'bout that.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    3. Re:Surprise? by DavidTC · · Score: 5, Interesting

      Yes, but an equally useful thing would have simply been a 'Install program' menu item, that, when launched, looks on all removable media for autorun.inf files or whatever, and presents their devices, names, and icons in a little list where you pick one.

      Automatically running it was just stupid. You can automate systems but still put a menu item to start the process.

      Hell, in some cases, that would result in less steps. We've all had to walk someone through an install progress, and ended up first having to uninstall something else or update a driver and then reboot...at which point, to get autorun to work, they have to eject the damn CD and put it back in.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    4. Re:Surprise? by Jimmy+King · · Score: 3, Insightful

      While I agree with you, this is unfortunately not the way the world works. It was more profitable to insist that everyone needs computers and that they are easy to use and require no training or knowledge and would just work.

      So now we've got a few people who can't and never would be able to manage that who have computers and use them daily. Then we have a bunch more people who could manage that, except marketing (and even some IT pros that seem to give advice based on what would be ideal rather than what actually is) has told them that it just works and they don't need to have a clue what's actually happening or how to do anything because it will all just happen for them. So now, even though they could learn how it works and how to do things, they don't and are convinced they shouldn't have to and get upset when something doesn't just work, trouble and risk free.

      The best solution, of course, would be to get it through to people that computers are actually not simple and are very complex and require some level of understanding and research to use effectively and safely. That's a lot easier said than done, though, since no one wants to hear our opinion on the situation. The ones that do want to hear it likely don't need us to tell them.

  3. there is nothing new under the sun by buddyglass · · Score: 3, Funny

    Way back in the day it was infected floppy disks. Given people now use USB drives like we used to use floppy disks, it only makes sense that malware would (once again) use them as a distribution method.

  4. PS -- a little more googling shows... by mcgrew · · Score: 4, Informative

    If you're running Windows 7 it appears that you're ok. But what took MS so long to fix this gaping hole?

    --
    Free Martian Whores!
    1. Re:PS -- a little more googling shows... by VGPowerlord · · Score: 3, Informative

      To their credit, they fixed this in Windows XP.

      Yes, XP. Specifically, Windows XP SP2.

      It no longer just runs the Autorun program, but instead gives you a dialog that asks what you want to do, with some default choices. The former Autorun command appears at the top of said list.

      The only thing Windows 7 did was remove said dialog when you attach non-optical media.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    2. Re:PS -- a little more googling shows... by FoolishOwl · · Score: 3, Insightful

      To be fair, I think part of what people hated about Vista was that Microsoft finally implemented some decent security. Users complained about being asked to enter passwords to authorize software installation and the like. Vista was a tremendous resource hog, but it looked to me like Microsoft decided to upgrade security and stability first, then optimized performance later in Windows 7. That's the responsible thing to do, and I think Microsoft got burned for doing the right thing for a change.

  5. Re:Big surprise by gstoddart · · Score: 4, Insightful

    Hm, software vendors put enormous effort into preventing attacks over the Internet. Did anyone really think that virus writers were not going to find new attack vectors?

    How is this a "new" attack vector?

    Microsoft has had auto-run on things like CDs and USB drives for years, and you usually need to turn it off. Otherwise, it would happily run any old shit you plug in without even asking.

    When I plug my iPad into my Vista box, the auto-run dialog comes up and asks me if I want to either download pictures or open it like a file storage. There is no "do nothing" option, which I find kind of amusing, since I've usually turned off auto-run for everything.

    I'm not even remotely surprised that USB is a popular attack vector -- they're the new floppies. Microsoft has defaulted to "easy" mode (run everything), which also happens to be the most trusting and dangerous mode you could get. I think this was kind of inevitable.

    --
    Lost at C:>. Found at C.
  6. Re:I thought USB devices were safe by Ukab+the+Great · · Score: 4, Insightful

    Good News: Assuming a certain level of competence where the windows machines formatting the drives in China were not recycled from somewhere else, had their hard drives given a clean wipe, and weren't hooked up to the Internet and used to browse Pr0n on lunch break, then yes drives in the blister pack are secure.

    Bad News: It's highly dangerous to assume a certain level of competence.

    Moral Of The Story: When you buy a flash drive, immediately format it and bypass and "value-added gravy" the manufacturer tries to shove down your throat.

  7. Again no word of Microsoft or Windows by devent · · Score: 3, Interesting
    I posted it already on another news about a Windows bot net. The trojan/usb infection is only on Microsoft Windows. Please mention that. I and people with Macs couldn't care less. So I just post again and again and again:

    It's 25 percent of new Windows worms. Approximately 48 percent of Windows SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. Linux and MacOS SMBs are still save and will be save.

    I would say Dell was right:

    "6) Ubuntu is safer than Microsoft Windows: The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux." from http://www.theregister.co.uk/2010/06/14/dell_ubuntu_windows_security/

    --
    http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute