Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two-Thirds of Lost USB Drives Carry Malware

Posted by samzenpus on from the bugs-everywhere dept.

itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."

33 of 196 comments (clear)

  1. What do you expect .. by roguegramma · · Score: 5, Funny

    .. they were lost by the 10% of commuters stupid enough to lose an USB stick.

    --
    Hey don't blame me, IANAB
    1. Re:What do you expect .. by Marxist+Hacker+42 · · Score: 5, Interesting

      I was thinking of a different self-selecting sample- the script kiddies willing to spread malware-infected USB sticks around in public to see which computers phone home.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:What do you expect .. by BitterOak · · Score: 3, Insightful

      .. they were lost by the 10% of commuters stupid enough to lose an USB stick.

      Why is this modded troll? Is it unreasonable to assume there might be some correlation between those people who are less careful with possessions and those who are less careful about encryption/malware, etc.? I'm not suggesting that it is impossible for a very careful person to drop something or have it fall through an unknown hole in the pocket, but at the same time, I don't think it is unreasonable to suspect that a population of those who left their USB sticks on the subway aren't necessarily perfectly representative of the population of USB stick users as a whole.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    3. Re:What do you expect .. by MurukeshM · · Score: 4, Informative
      They considered that angle. But then

      Ducklin said that the likelihood of the USB sticks being left on trains on purpose by hackers or penetration testers so they are picked up by corporate users and plugged into their work computers, is very low.

      "We didn't find any evidence to support the theory that the USB sticks had been deliberately planted," said Graham Cluley, a senior technology consultant at the company.

      "The malware involved was mostly very prevalent, general-purpose, zombie stuff," Ducklin explained. The security expert believes that this method of malware distribution is not even viable because most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

      [TFA]

    4. Re:What do you expect .. by aix+tom · · Score: 3, Insightful

      People who lose stuff are not necessarily more "stupid", but they are definitely more "careless"

      And yes, people who care enough to double-check all their possessions lose less than people who don't.

      And the people who double-check their possessions are probably also the ones who double-check their virus scanner and/or their encryption.

      It has little to do with "stupid". In fact, one of the stereotypes of a careless person is the highly intelligent "absent minded professor"

    5. Re:What do you expect .. by nine-times · · Score: 4, Insightful

      It seems likely that people who are careless also lose things more often.

    6. Re:What do you expect .. by BasilBrush · · Score: 3, Interesting

      Is it unreasonable to assume there might be some correlation between those people who are less careful with possessions and those who are less careful about encryption/malware, etc.?

      It's not an unreasonable hypothesis to raise. It is unreasonable to assume it's true.

    7. Re:What do you expect .. by jabberw0k · · Score: 5, Insightful

      most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

      100% of items handed in, have been handed in -- what a surprise! How do they track lost items that were not handed in? This is as accurate as Gracie Allen's telephone poll -- 100% of people she phoned, had a phone.

  2. Mac by cyachallenge · · Score: 5, Insightful
    FTA

    One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.

    1. Re:Mac by Rockoon · · Score: 3, Funny

      ... which unfortunately doesn't really tell us anything, since they don't mention how many of the uninfected storage devices were like that.

      Yes they did, and then the guy you replied to did also.

      It was seven. Were you looking for digits? 7.

      --
      "His name was James Damore."
    2. Re:Mac by John+Bresnahan · · Score: 4, Funny

      FTA

      One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.

      Which means that those USB drives had been plugged in to a Windows machine at least once.

    3. Re:Mac by BasilBrush · · Score: 3, Funny

      We have a winner!

  3. I can't believe that many people... by Fallingcow · · Score: 4, Funny

    ... carry acroread.exe and/or iexplore.exe around on their USB sticks.

    Weird.

    1. Re:I can't believe that many people... by 1729 · · Score: 4, Informative

      This is a routine trick in a security audit: drop some USB sticks in the employee parking lot, and see how many folks just plug it into their computer.

    2. Re:I can't believe that many people... by jd · · Score: 3, Funny

      I'm more inclined to think that the trains in Australia are carrying viruses and simply infect the USB sticks on contact.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Encryption by Hatta · · Score: 5, Insightful

    The whole point of portable USB sticks is to access your data from strange computers. Plugging an encrypted USB stick into a strange computer completely defeats the point of the encryption. None of my USB sticks are encrypted; they don't need to be because they have no personal information on them.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Encryption by Anonymous Coward · · Score: 5, Informative

      That's not the only point of USB sticks - they can also be used to syncronise two trusted computers at different locations. I use one for just this purpose. However, mine is encrypted.

  5. Lost? Riiigghtt... by wjcofkc · · Score: 4, Interesting

    I can see someone "loosing" a couple in the employee smoking area outside of a bank or large tech company. Lost, sure they were.

    --
    Brought to you by Carl's Junior.
  6. Re:Truecrypt? by mr1911 · · Score: 4, Insightful

    TrueCrypt does not make invisible containers. It makes encrypted containers.

    There is an exception for the container hidden in an container, but that only offers plausible deniability as the existence of the larger container is obvious.

    --
    This post comes with a double-your-money-back guarantee!
    Any offense taken to this post is at your sole discretion.
  7. Conclusions by Rudisaurus · · Score: 4, Insightful

    Conclusions you can draw from this study: people who ride transit and lose their USB memory stick while doing so are

    (a) unlikely to encrypt the contents of their memory stick, and
    (b) prone to malware infections

    I'm not certain that this group is representative of the general population, however.

    --
    licet differant, aequabitur
  8. Safe USB by FuzzyHead · · Score: 5, Funny

    I practice safe USB plugging. I put a rubber cover over my USB stick before I try to plug it in to anything. I have never once caught a virus on it.

  9. CityRail = CityFail by Anonymous Coward · · Score: 4, Interesting

    It is more likely that the USB's got infected when someone at CityRail plugged them in to see if there was 'anything good' stored.

    1. Re:CityRail = CityFail by The+Mister+Purple · · Score: 4, Insightful

      That hadn't occurred to me. I wonder if the study included a security audit of the CityRail computers?

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  10. Re:Truecrypt? by shellster_dude · · Score: 3, Insightful

    Still, how would they know if some sort of stenography was being implemented, or if I had a Truecrypt volume called "ProgramA.bin"?

  11. Re:Sample issues by icebike · · Score: 4, Insightful

    This isn't lost USB sticks - this is USB sticks that were lost and weren't reclaimed long enough to end up in a transit authority auction.

    Auctioning these thing seems the height of irresponsibility. I wonder what legal ramifications there are for the Rail Corporation in releasing private information, (even if accidentally lost) to total strangers.

    From TFA:

    he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

    --
    Sig Battery depleted. Reverting to safe mode.
  12. Re:Truecrypt? by black3d · · Score: 5, Informative

    Truecrypt isn't designed to be invisible at all. Aside from entirely encrypted drives, it's fairly obvious if someone HAS encrypted data. Truecrypt is about hiding that data via hidden paritions within outer encrypted containers, and plausible deniability.

    Truecrypt volumes are generally detectable:
    http://www.jadsoftware.com/?page_id=89
    https://code.google.com/p/tcdiscover/
    And if the researchers discovered drives that are filled entirely with random data, then they know they're either securely formatted or encrypted, and would likely consider them the latter - if they're securely formatted the file system appears intact. If the entire drive is encrypted (or securely erased from the MBR up) then the FS is not intact, and it's a fair bet that the researchers are claiming they found all sticks with intact file systems, formatted to the same volume as the stick, with single partitions.

    As are those hidden within files:
    http://16s.us/TCHunt/index.php

    But - the reason for the ramble: Never make the mistake of thinking Truecrypt is invisible. It's not. What's "invisible" should be your second hidden volume within the Truecrypt container - if you've set it up correctly. And there have previously even been attacks on that, in the event attackers are able to gain access to the external container. Work on your plausible deniability. Don't rely on TC to do the work for you or you'll end up with leaks everywhere.
    http://www.schneier.com/paper-truecrypt-dfs.pdf

    --
    "The true measure of a person is how they act when they know they won't get caught." - DSRilk
  13. Re:Very nice of the Rail Corporation to auction th by icebike · · Score: 4, Insightful

    My thoughts exactly.

    None of these (256 meg to 8 Gig) were so valuable that their destruction would have been considered a huge waste, and the potential damage to the forgetful owner could be massive. You would think that the LEAST they could do was format them, which itself is far from fool proof. But releasing them intact just seems dumb, even if not illegal.

    he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

    --
    Sig Battery depleted. Reverting to safe mode.
  14. Summary... by Chelloveck · · Score: 4, Insightful

    Anti-virus vendor says there's yet another way to get a virus, and you need their product even more. Film at eleven.

    --
    Chelloveck
    I give up on debugging. From now on, SIGSEGV is a feature.
  15. Re:Truecrypt? by Anachragnome · · Score: 4, Funny

    Thanks.

    I guess the old adage still applies...

    "Careful where you stick that thing, son..."

  16. Re:Truecrypt? by Artifakt · · Score: 4, Funny

    how would they know if some sort of stenography was being implemented

    You are correct. There is no known way to detect which files were transcribed in shorthand by a person taking dictation before being entered by keyboard...
    Oh, wait, you meant "steganography", didn't you?

    --
    Who is John Cabal?
  17. Re:On purpose by chaboud · · Score: 3, Funny

    Dude. Stop with the brain hurt.

    Clearly, people got these because they are dumb. We know that they are dumb because they ride public transit. They ride public transit because they are poor. Dumb, poor, train people got sticks without understanding what they were for. They probably tried to eat them and left them in the train.

    Because they're dumb, poor, non-computer people.

    QED.

    Now I have to go catch a train home.

  18. How _would_ you wipe one if you got it? by mbourgon · · Score: 3, Interesting

    Okay, so say you find one. Or your relative/friend/coworker gives you one. OR, you need to loan them yours for a few minutes (happens more and more often now that computers don't come with floppies). What then? Once you get it back, how do you wipe it such that you can reuse it, but it doesn't have anything on it? I'd rather not kiss a $3 drive goodbye everytime that happens. On Linux you'd have to mount it, so (IIRC) you'd be able to just format the partition before mounting.

    But how about on Windows. Mac OS? Or if I have autostart (or whatever it's called) off, am I safe? (and yes, I'm pretty sure that last one isn't right).

    --
    "Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
  19. Want to bet? by Paul1969 · · Score: 3, Funny

    I find it hard to believe that none of the folks who turned in "lost" USB sticks took a minute to check if there was any hot pr0n on them first.