Slashdot Mirror


Two-Thirds of Lost USB Drives Carry Malware

itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."

23 of 196 comments

  1. What do you expect .. by roguegramma · · Score: 5, Funny

    .. they were lost by the 10% of commuters stupid enough to lose a USB stick.

    --
    Hey don't blame me, IANAB
    1. Re:What do you expect .. by Marxist+Hacker+42 · · Score: 5, Interesting

      I was thinking of a different self-selecting sample- the script kiddies willing to spread malware-infected USB sticks around in public to see which computers phone home.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:What do you expect .. by MurukeshM · · Score: 4, Informative
      They considered that angle. But then

      Ducklin said that the likelihood of the USB sticks being left on trains on purpose by hackers or penetration testers so they are picked up by corporate users and plugged into their work computers, is very low.

      "We didn't find any evidence to support the theory that the USB sticks had been deliberately planted," said Graham Cluley, a senior technology consultant at the company.

      "The malware involved was mostly very prevalent, general-purpose, zombie stuff," Ducklin explained. The security expert believes that this method of malware distribution is not even viable because most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

      [TFA]

    3. Re:What do you expect .. by nine-times · · Score: 4, Insightful

      It seems likely that people who are careless also lose things more often.

    4. Re:What do you expect .. by jabberw0k · · Score: 5, Insightful

      most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

      100% of items handed in, have been handed in -- what a surprise! How do they track lost items that were not handed in? This is as accurate as Gracie Allen's telephone poll -- 100% of people she phoned, had a phone.

  2. Mac by cyachallenge · · Score: 5, Insightful
    FTA

    One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.

    1. Re:Mac by John+Bresnahan · · Score: 4, Funny

      FTA

      One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.

      Which means that those USB drives had been plugged in to a Windows machine at least once.

  3. I can't believe that many people... by Fallingcow · · Score: 4, Funny

    ... carry acroread.exe and/or iexplore.exe around on their USB sticks.

    Weird.

    1. Re:I can't believe that many people... by 1729 · · Score: 4, Informative

      This is a routine trick in a security audit: drop some USB sticks in the employee parking lot, and see how many folks just plug it into their computer.

  4. Encryption by Hatta · · Score: 5, Insightful

    The whole point of portable USB sticks is to access your data from strange computers. Plugging an encrypted USB stick into a strange computer completely defeats the point of the encryption. None of my USB sticks are encrypted; they don't need to be because they have no personal information on them.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Encryption by Anonymous Coward · · Score: 5, Informative

      That's not the only point of USB sticks - they can also be used to synchronise two trusted computers at different locations. I use one for just this purpose. However, mine is encrypted.

  5. Lost? Riiigghtt... by wjcofkc · · Score: 4, Interesting

    I can see someone "losing" a couple in the employee smoking area outside of a bank or large tech company. Lost, sure they were.

    --
    Brought to you by Carl's Junior.
  6. Re:Truecrypt? by mr1911 · · Score: 4, Insightful

    TrueCrypt does not make invisible containers. It makes encrypted containers.

    There is an exception for the container hidden in a container, but that only offers plausible deniability as the existence of the larger container is obvious.

    --
    This post comes with a double-your-money-back guarantee!
    Any offense taken to this post is at your sole discretion.
  7. Conclusions by Rudisaurus · · Score: 4, Insightful

    Conclusions you can draw from this study: people who ride transit and lose their USB memory stick while doing so are

    (a) unlikely to encrypt the contents of their memory stick, and
    (b) prone to malware infections

    I'm not certain that this group is representative of the general population, however.

    --
    licet differant, aequabitur
  8. Safe USB by FuzzyHead · · Score: 5, Funny

    I practice safe USB plugging. I put a rubber cover over my USB stick before I try to plug it in to anything. I have never once caught a virus on it.

  9. CityRail = CityFail by Anonymous Coward · · Score: 4, Interesting

    It is more likely that the USBs got infected when someone at CityRail plugged them in to see if there was 'anything good' stored.

    1. Re:CityRail = CityFail by The+Mister+Purple · · Score: 4, Insightful

      That hadn't occurred to me. I wonder if the study included a security audit of the CityRail computers?

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  10. Re:Sample issues by icebike · · Score: 4, Insightful

    This isn't lost USB sticks - this is USB sticks that were lost and weren't reclaimed long enough to end up in a transit authority auction.

    Auctioning these things seems the height of irresponsibility. I wonder what legal ramifications there are for the Rail Corporation in releasing private information (even if accidentally lost) to total strangers.

    From TFA:

    The Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

    --
    Sig Battery depleted. Reverting to safe mode.
  11. Re:Truecrypt? by black3d · · Score: 5, Informative

    Truecrypt isn't designed to be invisible at all. Aside from entirely encrypted drives, it's fairly obvious if someone HAS encrypted data. Truecrypt is about hiding that data via hidden partitions within outer encrypted containers, and plausible deniability.

    Truecrypt volumes are generally detectable:
    http://www.jadsoftware.com/?page_id=89
    https://code.google.com/p/tcdiscover/
    And if the researchers discovered drives that are filled entirely with random data, then they know they're either securely formatted or encrypted, and would likely consider them the latter - if they're securely formatted the file system appears intact. If the entire drive is encrypted (or securely erased from the MBR up) then the FS is not intact, and it's a fair bet that the researchers are claiming they found all sticks with intact file systems, formatted to the same volume as the stick, with single partitions.

    As are those hidden within files:
    http://16s.us/TCHunt/index.php

    But - the reason for the ramble: Never make the mistake of thinking Truecrypt is invisible. It's not. What's "invisible" should be your second hidden volume within the Truecrypt container - if you've set it up correctly. And there have previously even been attacks on that, in the event attackers are able to gain access to the external container. Work on your plausible deniability. Don't rely on TC to do the work for you or you'll end up with leaks everywhere.
    http://www.schneier.com/paper-truecrypt-dfs.pdf

    --
    "The true measure of a person is how they act when they know they won't get caught." - DSRilk
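
The detectability described in the comment above, as an added example (not part of the thread and not the code of any of the linked tools): a triage heuristic that flags data which is sector-aligned, carries no known file signature and is statistically indistinguishable from random bytes. The thresholds, the signature list and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
# A few well-known file signatures; a real triage tool would carry many more.
KNOWN_MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"GIF8", b"MZ", b"\x7fELF")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square of byte counts against a uniform distribution (about 255 for random data)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_like_encrypted_container(data: bytes, min_size: int = 16 * 1024) -> bool:
    """Heuristic only: sector-aligned, headerless and statistically random."""
    if len(data) < min_size or len(data) % SECTOR != 0:
        return False
    if data.startswith(KNOWN_MAGIC):
        return False
    # Assumed thresholds: entropy close to 8 bits/byte, chi-square close to 255.
    return shannon_entropy(data) > 7.9 and chi_square(data) < 400

def constructed_random_blob(blocks: int = 2048) -> bytes:
    """Constructed sample: 64 KiB of deterministic pseudo-random bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))

if __name__ == "__main__":
    blob = constructed_random_blob()
    samples = {
        "random, sector-aligned": blob,
        "random behind a ZIP signature": b"PK\x03\x04" + blob[4:],
        "plain text": b"quarterly report draft\n" * 4096,
        "zero-filled": bytes(64 * 1024),
    }
    for name, data in samples.items():
        print(f"{name:32s} entropy={shannon_entropy(data):.3f} "
              f"flagged={looks_like_encrypted_container(data)}")
```

A positive result cannot tell an encrypted volume from a region overwritten with random data, which is the ambiguity the comment points out.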
  12. Re:Very nice of the Rail Corporation to auction th by icebike · · Score: 4, Insightful

    My thoughts exactly.

    None of these (256 meg to 8 Gig) were so valuable that their destruction would have been considered a huge waste, and the potential damage to the forgetful owner could be massive. You would think that the LEAST they could do was format them, which itself is far from foolproof. But releasing them intact just seems dumb, even if not illegal.

    The Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

    --
    Sig Battery depleted. Reverting to safe mode.
  13. Summary... by Chelloveck · · Score: 4, Insightful

    Anti-virus vendor says there's yet another way to get a virus, and you need their product even more. Film at eleven.

    --
    Chelloveck
    I give up on debugging. From now on, SIGSEGV is a feature.
  14. Re:Truecrypt? by Anachragnome · · Score: 4, Funny

    Thanks.

    I guess the old adage still applies...

    "Careful where you stick that thing, son..."

  15. Re:Truecrypt? by Artifakt · · Score: 4, Funny

    how would they know if some sort of stenography was being implemented

    You are correct. There is no known way to detect which files were transcribed in shorthand by a person taking dictation before being entered by keyboard...
    Oh, wait, you meant "steganography", didn't you?

    --
    Who is John Cabal?