Thumb drives are pretty popular with almost every computer user out there. They offer a compact storage solution for carting around work projects and personal documents, and IT staff use them to carry useful tools on the job.
Because thumb drives are so popular and are frequently used to move data between multiple systems, especially in the IT world, they are also a prime target for attackers as a means of spreading infections, with you doing most of the work for them. Although a lot of workplaces ban the use of thumb drives by their employees, the ban is still very hard to enforce effectively – it is not like you are getting searched at the door when arriving at and departing from work every day. Some companies actually install silent applications on their workstations that detect when a drive has been added to the system – the software then notifies administrators – but by then it can already be too late.
Attackers could get an infection out via standard mediums using exploits, bogus spam email, etc., and the infection could be designed so that it does not affect your computer directly, since its only purpose is to sit and wait for external drives to be plugged in. Once an external drive or other storage-based device is plugged in, the virus goes to work and transfers malicious code to the device without you even knowing that it is taking place – now your thumb drive has become the attacker's tool, a tool to transport whatever code he/she wants to whatever computer you plug that drive into next – possibly your workstation at the office.
Malicious code can be used to steal your personal information, sensitive company documents, allow external access to the infected system, or even spread an annoying virus to a company network via network shares – the possibilities are limitless.
Some people tend to think that because they have an ‘encrypted’ flash drive they should be safe – which is completely incorrect. Encrypted flash drives are only effective against loss or theft, and even then it is questionable. It is questionable because the drive could have been infected when you last accessed it – unlocking the encryption opens the door for something to get inside and modify the protection of the device itself.
Another common source of infection that a lot of people probably do not think about is digital photo kiosks. These places are prime distribution points for infections. Think about it: if you were up to no good and had some know-how, you could infect the photo kiosk computers at a Wal-Mart, then sit back and laugh as literally thousands upon thousands of people walk in and insert their memory cards.
So what can you do to protect yourself against such activity? Although awareness and protective measures are not always 100 percent effective, there are simple things you can do to at least ensure a higher protection rate, such as:
Take advantage of security features - Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost (see Protecting Portable Devices: Data Security for more information).
Keep personal and business USB drives separate - Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.
Use and maintain security software, and keep all software up to date - Use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current (see Understanding Firewalls, Understanding Anti-Virus Software, and Recognizing and Avoiding Spyware for more information). Also, keep the software on your computer up to date by applying any necessary patches (see Understanding Patches for more information).
Do not plug an unknown USB drive into your computer - If you find a USB drive, give it to the appropriate authorities (a location’s security personnel, your organization’s IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.
Some tech-savvy users even go the extra mile by utilizing virtual machine technology. By using virtual machine software, such as VirtualBox, one could have a so-called ‘sealed-off’ copy of an operating system when checking downloaded files, email attachments, and external storage devices for infections – if an infection exists, it would not get any further than the virtual machine. If the virtual machine becomes infected, it can be easily restored from an image or snapshot. The data or device can then be cured before being used on the host operating system or another computer. Now this is going to the extreme, and not many average computer users will take these types of steps; however, it just goes to show how serious the threat is, and how seriously some people take it.