If you found a USB stick, would you plug it into your laptop to see what’s on it?
Sounds like a risky thing to do, but in a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their curiosity get the best of them and plugged the flash drive into a device. These “Nosy Nellys” proceeded to open text files, click on unfamiliar web links, or send messages to a listed email address. All potentially risky behaviors!
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” said Todd Thibodeaux, president and CEO of The Computing Technology Industry Association (CompTIA), the trade association that commissioned the experiment.
Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware, as well as attract it. Here are some dramatic examples:
Stuxnet and Flame were spread by USB device
The infamous Stuxnet worm and Flame malware, alleged American-Israeli cyber weapons designed to attack and spy on Iran’s nuclear program, relied on USB sticks to disseminate attack code to Windows machines.
Would you rather trust the virus experts or your instincts?
Every day 140,000 people connect their USB flash drive or mobile phone to a computer, and get a warning from Avast about an infection called LNK:Jenxcus.
Which kind of person are you?
Many of them act on that information from their trusted Avast Antivirus security software and as a result, they scan their USB device for malware and they wipe it away. Crisis over.
But there is another group of people who keep this infection alive and active, because they refuse to believe it is a real or dangerous threat. In other words, because something has always been one way, they assume it can’t change, therefore Avast must be wrong.
As a result, they decide to turn off their antivirus shield and by doing so, they create an obstacle-free way for malware to enslave their computer and steal data or valuable computing time.
A perfectly good reason. Or is it?
One of the most frequent reasons people use for disabling shields and allowing malware to spread in their computer is
“I use this file all the time and it is safe.”
Another variation is,
“I created this file, it’s only a picture.”
Do you find this situation familiar? Are you guilty of over-riding the security software you installed to protect yourself?
If your answer is yes, then test your virus detection knowledge with the image below. There are two screenshots of a directory from a USB stick; one is infected and the other is clean. Can you tell the difference?
It’s difficult to tell, isn’t it?
The one on the left is infected. The most visible differences are in the icons, but there is another clue in the file types. Some files and directories on the left side changed their type into a shortcut. This happened because a malicious script installed itself onto the USB drive and replaced legitimate files with links. If the owner of the USB opens the directory Firm Accounting, for example, he executes malware that in the end opens the real Firm Accounting directory, so it looks like everything is normal. But it is not, because in the background all the computer’s drives are getting infected over and over again.
Avast detects LNK:Jenxcus and warns you.
The trick is, you have to heed the warning.
Source of infection
Apart from other infected drives, this malware is downloaded onto your computer from hacked websites. The screenshot below shows an example of a hacked website waiting for random users with a vulnerable internet browser. Can you tell the difference this time?
If you answered no, you are absolutely right, because for the normal user there is no visible change. That is probably the reason for another frequent excuse before disabling the shields:
“I visit this page every day. It doesn’t have malware.”
That’s just not good enough, because the fact that the page is clean most of the time does not mean it is not vulnerable to attacks. In fact most small and medium-sized business (SMB) pages have some exploitable vulnerability, and when they get targeted by exploit kit authors, your best chance to stay safe is updated applications and active antivirus. With the shields ON!
If you are comfortable with computers, then you may want to clean this infection manually. Start with your computer and look for links (.lnk), Visual Basic script files (.vbs, .vba, .vbe) and batch files (.bat). Links usually point to these hidden script files, so they are not hard to find. If you wonder where the original files are, you can find this information in the links too. In most cases they were not moved, just marked as hidden, so they are not visible on computers with a standard configuration. When you are sure all hard drives are clean, go through all your removable drives and repeat the same procedure.
An easier way to clean an infection is by using a good cleaning tool. If you need help searching for such a tool, visit our Avast forum and read what others do in your situation, or ask nicely for help from Evangelists, who dedicate their free time to helping users and researching security problems.
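A read-only way to run that search, as an added example that is not from Avast or the original post: it lists shortcuts whose command line launches a script, script files with their hidden state, and hidden items that share a shortcut's name. The drive letter, the script-host names in the pattern, and the same-name rule for locating originals are assumptions of this example.

```powershell
# Read-only audit of one drive for the pattern described above: shortcuts that
# launch scripts, script files (hidden or not), and hidden originals.
# $Root is an assumption; point it at the drive under inspection.
param([string]$Root = 'E:\')

$scriptExt = '.vbs', '.vba', '.vbe', '.bat'
$shell     = New-Object -ComObject WScript.Shell   # used only to read .lnk targets

# -Force includes hidden and system items that Explorer hides by default.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue

$findings = foreach ($item in $items) {
    if ($item.PSIsContainer) { continue }

    if ($item.Extension -ieq '.lnk') {
        $lnk = $shell.CreateShortcut($item.FullName)   # loads the link, does not run it
        $cmd = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
        # Assumption: a link is suspicious when its command line names a script
        # file or a Windows script host (wscript, cscript, cmd).
        if ($cmd -match '\.(vbs|vba|vbe|bat)\b|\b(wscript|cscript|cmd)(\.exe)?\b') {
            [pscustomobject]@{ Kind = 'Link to script'; Path = $item.FullName; Detail = $cmd }
        }
        # Assumption: the hidden original sits beside the link under the same
        # name, e.g. "Firm Accounting" next to "Firm Accounting.lnk".
        $sibling = Join-Path $item.DirectoryName $item.BaseName
        if (Test-Path -LiteralPath $sibling) {
            $orig = Get-Item -LiteralPath $sibling -Force
            if ($orig.Attributes -band [IO.FileAttributes]::Hidden) {
                [pscustomobject]@{ Kind = 'Hidden original'; Path = $orig.FullName
                                   Detail = "replaced by $($item.Name)" }
            }
        }
    }
    elseif ($scriptExt -contains $item.Extension) {
        $hidden = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        $detail = if ($hidden) { 'hidden' } else { 'visible' }
        [pscustomobject]@{ Kind = 'Script file'; Path = $item.FullName; Detail = $detail }
    }
}

$findings | Sort-Object Kind, Path | Format-Table -AutoSize -Wrap
```

The script changes nothing on the drive; a legitimate shortcut to a batch file will also be listed, so review each finding before deleting anything.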
Suspect a false positive?
If you think it’s a false positive, do a little checking first. The Avast forum is a good place to start. You can read about LNK:Jenxcus, or you can start a new thread with your own question. If you are still convinced that you have a false positive, then please report it so the Avast Virus Lab can determine how/why it’s detected. This video tells you how.
Good question. Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware as well as attract it. Have you ever heard “My flash drive ate my homework” as an excuse? It could happen. Here’s how avast! can help.
Avast! security products come with a number of pre-defined scans installed including the ability to scan any removable storage device that is connected to your computer, such as USB flash drives, external hard drives, etc. It will scan the drive to detect potential “auto-run” programs that may try to launch when the device is connected.
To carry out a manual scan of Removable media, select the Scan tab in the avast! user display. This will open the Scan screen as shown in the screenshot.
A Quick scan will perform a scan of the C:\ drive on your computer, which is normally sufficient to detect the majority of malware. Only files with “dangerous” extensions are scanned, for example, .exe, .com, .bat, etc. Only those areas at the beginning and end of a file, where infections are normally found, are tested.
A Full system scan performs a detailed scan of all your computer’s hard disks. Avast! looks inside every file to determine what type of file it is and whether it should be scanned. The whole file is tested, which is useful if you suspect you have an infection which was not detected by the quick scan.
If you want to scan a specific folder or multiple folders, choose Select folder to scan.
To run one of the pre-defined scans, just click Start.