Sticking unknown USB devices into your computer is risky business
Sounds like a risky thing to do, but in a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their curiosity get the best of them and plugged the flash drive into a device. These "Nosy Nellys" proceeded to open text files, click on unfamiliar web links, or send messages to a listed email address. All potentially risky behaviors!
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” said Todd Thibodeaux, president and CEO of The Computing Technology Industry Association (CompTIA) the trade association that commissioned the experiment.
Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware, as well as attract it. Here are some dramatic examples:
The infamous Stuxnet worm and Flame malware, alleged American-Israeli cyber weapons designed to attack and spy on Iran’s nuclear program, relied on USB sticks to disseminate attack code to Windows machines.
A tainted USB drive was responsible for attacks at two U.S. power generation facilities documented in late 2012. The U.S. Industrial Control Systems Cyber Emergency Response Team were called in to investigate and found that infections were spread by USB drives that were plugged into critical systems without back-ups.
Avast antivirus products come with a number of pre-defined scans including the ability to scan any removable storage device that is connected to your computer, like USB flash drives and external hard drives. It will scan the drive to detect potential “auto-run” programs that may try to launch when the device is connected.