Two-Thirds of Lost USB Drives Carry Malware
itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."
.. they were lost by the 10% of commuters stupid enough to lose a USB stick.
Hey don't blame me, IANAB
One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.
The whole point of portable USB sticks is to access your data from strange computers. Plugging an encrypted USB stick into a strange computer completely defeats the point of the encryption. None of my USB sticks are encrypted; they don't need to be because they have no personal information on them.
Give me Classic Slashdot or give me death!
I practice safe USB plugging. I put a rubber cover over my USB stick before I try to plug it in to anything. I have never once caught a virus on it.
Truecrypt isn't designed to be invisible at all. Aside from entirely encrypted drives, it's fairly obvious if someone HAS encrypted data. Truecrypt is about hiding that data via hidden partitions within outer encrypted containers, and plausible deniability.
Truecrypt volumes are generally detectable:
http://www.jadsoftware.com/?page_id=89
https://code.google.com/p/tcdiscover/
And if the researchers discovered drives that are filled entirely with random data, then they know they're either securely formatted or encrypted, and would likely consider them the latter - if they're securely formatted the file system appears intact. If the entire drive is encrypted (or securely erased from the MBR up) then the FS is not intact, and it's a fair bet that the researchers are claiming they found all sticks with intact file systems, formatted to the same volume as the stick, with single partitions.
As are those hidden within files:
http://16s.us/TCHunt/index.php
But - the reason for the ramble: Never make the mistake of thinking Truecrypt is invisible. It's not. What's "invisible" should be your second hidden volume within the Truecrypt container - if you've set it up correctly. And there have previously even been attacks on that, in the event attackers are able to gain access to the external container. Work on your plausible deniability. Don't rely on TC to do the work for you or you'll end up with leaks everywhere.
http://www.schneier.com/paper-truecrypt-dfs.pdf
"The true measure of a person is how they act when they know they won't get caught." - DSRilk