Skip to main content

Malware alert — don’t plug in that USB stick you found on the street

USB drop attack demo - Blackhat USA 2016
Be careful, that “found” USB drive may hold malware that’s just waiting for you to plug it in. Maybe you consider a found USB stick a chance to do a good deed by returning it to its owner — if you can discover who the owner is. Or maybe you’re curious and just want to see what’s on the removable storage drive. Whatever your reason for picking it up and plugging it in, that “lost” USB stick may be bait waiting for someone to hurt, according to Tom’s Hardware.

Google anti-abuse team researcher Elie Bursztein tested the effectiveness of using “lost” USB memory  to spread malware on a college campus. In Bursztein’s study, almost all of the USB sticks (97 percent) were picked up and almost half (45 percent) were plugged into computers where someone clicked on the stored files. In further testing, Bursztein found that USB sticks with labels such as “Exams” or “Confidential” were more likely to be opened than unlabeled drives while sticks with return addresses were less likely to be opened.

The threats from USB drives can come in several forms. HTML files or executable files stored on the drive could activate malware to infect the system in the background while running innocuous programs in the foreground. Users could be sent to a phishing site that would attempt to steal personal information. Alternately, activated code could search the computer’s files for personal credentials and then attempt to send them back to the hacker or to the cloud for later retrieval.

USB devices that resemble memory sticks but are really keyboard spoofers could be programmed to allow remote access and signal a hacker that the computer is open and ready for whatever the hacker intends.

It’s also possible to use USB sticks to mount zero-day attacks that exploit known software vulnerabilities either before vendors patch the hole or before users download updates. According to Bursztein, zero-day threats are less likely to be spread with randomly “lost” USB sticks due to the cost and complexity of altering firmware. You are more likely to be hit with malicious files or to pick up a keyboard-spoofer.

In any case, the best advice is to resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Bursztein demonstrated how a USB drop attack could work at Black Hat USA 2016.

Editors' Recommendations

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Don’t have a meltdown, but German officials just found malware in a nuclear reactor
faa bans drone flights over nuclear sites plant

Officials at a German nuclear power plant found a grip of malware on an official system, according to a report from Reuters.

The plant in question, Gundremmingen, lies about 75 miles outside of Munich. The infected computer was installed in 2008 for visualizing data associated with transporting fuel rods, but by now is probably being carefully disassembled and disposed of.

Read more
Don’t trash your old USB drive! This is what happens when you do
usb stick malware lost issues 0001

USB thumb drives are undeniably convenient, but due to their small size and -- depending on who you are -- their rapid proliferation, they can be easy to lose track of. And now we have proof that we should be more careful about the information we store on these drives, as a recent study from the University of Illinois Urbana-Champaign (here’s a link to the PDF) shows that as often as not, someone who finds a random USB drive will look through whatever is stored on it.

T-Mobile Offer: Buy the LG G5 and get a free battery and cradle bundle

Read more
Don’t mistype that URL, as it could lead to malware

Typo prone? You may want to clean up your act. In a malicious trend known as typosquatting, hackers are now taking advantage of our fast fingers and careless errors, attempting to send malware onto Macs by way of mistyped URLs. According to the security company Endgame, a whopping 300 popular .com sites have been registered in Oman, whose top level domain is .om. But this is only a cover -- the .om sites try to load OS X malware known as Genieo onto the Apple devices of unsuspecting users.

Endgame first came across typosquatting when an employee made a typo in "," instead typing, "" As Endgame notes, "He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist.  Instead, due to the registration of “” by a malicious actor, the domain resolved successfully." Luckily, being an Endgamer, he was able to spot the malware, and "retreated swiftly, avoiding harm."

Read more