1. Computing

Malware alert — don’t plug in that USB stick you found on the street

By

Be careful, that “found” USB drive may hold malware that’s just waiting for you to plug it in. Maybe you consider a found USB stick a chance to do a good deed by returning it to its owner — if you can discover who the owner is. Or maybe you’re curious and just want to see what’s on the removable storage drive. Whatever your reason for picking it up and plugging it in, that “lost” USB stick may be bait waiting for someone to hurt, according to Tom’s Hardware.

Google anti-abuse team researcher Elie Bursztein tested the effectiveness of using “lost” USB memory  to spread malware on a college campus. In Bursztein’s study, almost all of the USB sticks (97 percent) were picked up and almost half (45 percent) were plugged into computers where someone clicked on the stored files. In further testing, Bursztein found that USB sticks with labels such as “Exams” or “Confidential” were more likely to be opened than unlabeled drives while sticks with return addresses were less likely to be opened.

The threats from USB drives can come in several forms. HTML files or executable files stored on the drive could activate malware to infect the system in the background while running innocuous programs in the foreground. Users could be sent to a phishing site that would attempt to steal personal information. Alternately, activated code could search the computer’s files for personal credentials and then attempt to send them back to the hacker or to the cloud for later retrieval.

USB devices that resemble memory sticks but are really keyboard spoofers could be programmed to allow remote access and signal a hacker that the computer is open and ready for whatever the hacker intends.

It’s also possible to use USB sticks to mount zero-day attacks that exploit known software vulnerabilities either before vendors patch the hole or before users download updates. According to Bursztein, zero-day threats are less likely to be spread with randomly “lost” USB sticks due to the cost and complexity of altering firmware. You are more likely to be hit with malicious files or to pick up a keyboard-spoofer.

In any case, the best advice is to resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Bursztein demonstrated how a USB drop attack could work at Black Hat USA 2016.

Editors' Recommendations

How to tell if your webcam has been hacked

razer siren x mic kiyo webcam and 4

Fujifilm X-T200 review: All the camera you need

fujifilm x t200 review product dm 1500px6

The guy who invented USB finally admits it’s annoying to plug in

usb stick malware lost issues 0001

USB drive survives two years in seal poop before being reunited with its owner

how a usb drive found in seal poop got reunited with its owner leopard sea hydrurga leptonyx paradise bay antarctica

Nvidia’s new RTX 3070 Ti graphics card hit stores today and sold out in minutes

nvidia rtx 3070 ti review

Best cheap printer deals for June 2021

best printer deals - Canon Pixma TS3122

Best cheap Apple deals and sales for June 2021

dell xps 15 vs macbook pro 16 apple ry 14 1200x9999

The super-cheap Samsung Galaxy Book Go is now available, starting at just $350

samsung galaxy book go now available starting at just 350 feature

The best Macbook alternatives for 2021

dell xps 13 9310 specs price release date 02

The best monitors for photo editing

LG 32UD99-W review

Save up to $1,100 off Dell workstation laptops with these fantastic deals

dell precision 3560 mobile workstation deal june 2021

Save big on Dell XPS 13, Microsoft Surface Laptop 3 today

dell xps 13 9310 specs price release date 02

7 things you didn’t know you could do in Outlook

microsoft outlook getting new features