Malware slips in via many weak points. It can come through e-mail, drive-by downloads, or ill-advised clicking, perhaps on a misleading popup. Increasingly, it also comes via USB devices. In fact, according to AVAST Software, 13.5 percent of more than 700,000 attacks came via USB.
The main way that malware is delivered by USB is via the AutoRun feature in Windows. AutoRun is a convenience feature that pops up a dialog to help users choose what to do with a USB device upon connection to their PCs. When a USB device infected with a particular type of worm is connected to the PC, an executable file starts that begins downloading malware onto the PC. This malware infects the OS and can replicate itself each time the computer is restarted.
The most common devices for the delivery of such malware are, unsurprisingly, USB flash drives. USB drives, in addition to being cheap and ubiquitous, are a Security admin's worst nightmare. USB drives as the modern sneakernet in an office bypass an organization's gateway security, leaving defense in the hands of local machines—hence the need for adequate endpoint protection.
Worse, as USB device capacities get larger and larger, people are likely to skip scanning them for malware. Scanning a 256MB stick is trivial, but few people are likely to perform a full scan of their 1TB hard drive that they brought into the office after a long night of downloading porn from sketchy Russian sites. That's how the malware gets in.
Posts
