Beware of infected storage devices: USB flash drives, Floppy disks, CD-ROMs
Classic tricks never go out of style. A favorite trick in the cyber-crime world is done by infecting USB flash drives (or whatever method of storage that is used at the time… remember floppy disks and CD-ROMs?) to cast a malicious program onto the victim’s computer by taking advantage of our biggest human weakness: curiosity.
Maybe you think that there are only few who would fall into these traps, but the truth is that it’s a common occurrence. A group of researchers from the University of Illinois tested people’s “curiosity” and came up with an interesting conclusion: almost half took the bait.
Curious by nature
The study’s author spread 297 USB flash drives across campus to see what would happen. Almost half of the devices (48%) ended up in the USB port of someone else’s computer. Most of them later claimed that they plugged-in the USB in order to find its rightful owner and return it to them (68%). 18% admitted they did it out of curiosity.
The most alarming is not the number of people who fell into the temptation to look at what was stored on the device, but that they would look without taking proper precautions. Only ten people analyzed the USB stick using an antivirus.
Only ten people used an antivirus while
examining the contents of the USB stick
The five most naive victims admitted that they completely trusted their perating system, which unfortunately, was too hopeful. As the prestigious security expert Bruce Schneier stated, “the problem isn’t that people are idiots […] The problem is that operating systems trust random USB sticks.”
If you found a USB stick, would you plug it into your laptop to see what’s on it?
Sounds like a risky thing to do, but in a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their curiosity get the best of them and plugged the flash drive into a device. These “Nosy Nellys” proceeded to open text files, click on unfamiliar web links, or send messages to a listed email address. All potentially risky behaviors!
You can scan your USB sticks with Avast
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” said Todd Thibodeaux, president and CEO of The Computing Technology Industry Association (CompTIA) the trade association that commissioned the experiment.
Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware, as well as attract it. Here are some dramatic examples:
Stuxnet and Flame were spread by USB device
The infamous Stuxnet worm and Flame malware, alleged American-Israeli cyber weapons designed to attack and spy on Iran’s nuclear program, relied on USB sticks to disseminate attack code to Windows machines.
Power generation facilities infected by malware on USB sticks
A tainted USB drive was responsible for attacks at two U.S. power generation facilities documented in late 2012. The U.S. Industrial Control Systems Cyber Emergency Response Team were called in to investigate and found that infections were spread by USB drives that were plugged into critical systems without back-ups.
How to use Avast to scan a USB device
Avast antivirus products come with a number of pre-defined scans including the ability to scan any removable storage device that is connected to your computer, like USB flash drives and external hard drives. It will scan the drive to detect potential “auto-run” programs that may try to launch when the device is connected.
Open the Avast user interface
Click the Scan tab
Choose Scan for viruses
In the drop down menu on the right side, choose Removable media from the selection
The follow-up to the original USB killer by Dark Purple can obliterate a computer within seconds by delivering a a negative 220-volt charge into the device.
The idea of needing to disable a computer quickly as the police–or another potential adversary–comes through the door typically has been the concern of criminals. But in today’s climate activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, and that’s where usbkill comes in. The new tool is a […]
This innocent looking USB drive could lead to infection – but only if you second-guess Avast warnings!
Would you rather trust the virus experts or your instincts?
Every day 140,000 people connect their USB flash drive or mobile phone to a computer, and get a warning from Avast about an infection called LNK:Jenxcus.
Which kind of person are you?
Many of them act on that information from their trusted Avast Antivirus security software and as a result, they scan their USB device for malware and they wipe it away. Crisis over.
But there is another group of people who keep this infection alive and active, because they refuse to believe it is a real or dangerous threat. In other words, because something has always been one way, they assume it can’t change, therefore Avast must be wrong.
As a result, they decide to turn off their antivirus shield and by doing so, they create an obstacle-free way for malware to enslave their computer and steal data or valuable computing time.
A perfectly good reason. Or is it?
One of the most frequent reasons people use for disabling shields and allowing malware to spread in their computer is
“I use this file all the time and it is safe.”
Another variation is,
“I created this file, it’s only a picture.”
Do you find this situation familiar? Are you guilty of over-riding the security software you installed to protect yourself?
If your answer is yes, then test your virus detection knowledge with the image below. There are two screenshots of a directory from a USB stick; one is infected and the other is clean. Can you tell the difference?
It’s difficult to tell, isn’t it?
The one on the left is infected. The most visible differences are on the icons, but there is another clue in the file types. Some files and directories on the left side changed their type into a shortcut. This happened because a malicious script installed itself onto a USB drive and replaced legitimate files with links. If the owner of the USB opens the directory Firm Accounting, for example, he executes malware that in the end opens the real Firm Accounting directory, so it looks like everything is normal. But it is not, because in the background all the computer’s drives are getting infected over and over again.
Avast detects LNK:Jenxcus and warns you.
The trick is; you have to heed the warning.
Source of infection
Except from other infected drives, this malware is downloaded onto your computer from hacked websites. The screenshot below shows an example of a hacked website waiting for random users with a vulnerable internet browser. Can you tell the difference this time?
If you answered no, you are absolutely right, because for the normal user there is no visible change. That is probably the reason for another frequent excuse before disabling the shields,
“I visit this page every day. It doesn’t have malware.”
That’s just not good enough, because the fact that the page is clean most of the time, does not mean it is not vulnerable to attacks. In fact most small and medium-sized business (SMB) pages have some exploitable vulnerability and when they get targeted by exploit kit authors, your best chance to stay safe are updated applications and active antivirus. With the shields ON!
Extermination
If you are comfortable with computers, then you may want to clean this infection manually. Start with your computer and look for links (.lnk) and visual basic script (.vbs .vba .vbe) or batch files (.bat). Links usually point to this hidden script files so it is not hard to find them. If you wonder where the original files are, you can find this information in links too. They were not moved in most cases, just marked as hidden so they are not visible on computers with standard configuration. When you are sure all hard drives are clean, it is time to go through all your removable ones and go through the same procedure.
An easier way to clean an infection is by using a good cleaning tool. If you need help searching for such tool, visit our Avast forum and read what others do in your situation, or ask nicely for help from Evangelists, who dedicate their free time to helping users and researching security problems.
Suspect a false positive?
If you think it’s a false positive, do a little checking first. The Avast forum is a good place to start. You can read about LNK:Jenxcus, or you can start a new thread with your own question. If you are still convinced that you have a false positive, then please report it so the Avast Virus Lab can determine how/why it’s detected,. This video tells you how,
USB drives have been known to carry viruses and malware, but a Russian electronics expert has now created a thumb drive that will literally fry your computer’s circuit board with a high voltage surge.
Google has added an extra layer of security to its browser, by introducing USB authentication to Chrome, the company has announced in an official blog post.