USB devices spreading viruses

USB thumb drives are convenient, popular and often free--and they're spreading viruses like sailors on shore leave.*

The US-CERT (Computer Emergency Response Team) issued a warning on Thursday that malicious code is increasingly propagating via USB flash drive devices.

Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus, a variant of the SillyFDC worm, according to Wired.

We've seen this before with portable external storage devices. Floppy disks were the culprit in the early 1990s, followed by CDs. The fact that USB thumb drives are being used by so many people makes them an attractive target for virus writers.

"The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices," said Gunter Ollmann, chief security strategist for IBM's ISS security division. "They are today's floppy drives."

(Credit: CNET News/James Martin)

But USB drives are even handier. Their small size makes them easy to slip into a pocket or carry on a lanyard around your neck. A common swag item in the tech industry, they also are mainstream consumer storage devices. They literally litter my desk drawers.

There are a couple of ways USB thumb drives can be used to spread viruses and other malicious software.

An infected computer can spread a virus to a clean USB thumb drive that is inserted. That USB drive will then be spreading the virus onto other computers if the operating system on those machines has an AutoRun-type feature enabled. The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann.

For that reason, people should disable any AutoRun features and manually launch programs when using a flash drive, he said. CERT has information about the dangers associated with AutoRun here, as well as tips specific to the safe use of USB drives here.

A virus also can be embedded in what looks like a normal file on a USB device, so that even if AutoRun is disabled, the computer will become infected when the file is opened.

Thumb drives aren't the only culprits; any device that plugs into a USB port--including gadgets like lights, fans, speakers, toys, even a digital microscope--can be used to spread malware, Ollmann said.

The devices can be infected during the manufacturing or supply chain process if quality control measures are not adequate, he said.

In addition to disabling AutoRun, Ollmann suggests that people use an antivirus tool to scan their USB devices before opening any files from them and be cautious with files on devices even if they come from trusted sources.

There's also the danger that the small devices can be lost, exposing the data on them to whoever happens to find them. A Swedish soldier was recently convicted of negligence after leaving a USB flash drive with classified information on it in a computer at a Stockholm university, according to an Associated Press report. And a British tax agency was forced to shut down its Web site after a contractor lost a flash drive containing confidential passwords and source code in a pub parking lot last month.

So, feel free to carry a USB memory stick, but be very careful where you put it.

*My sincere apologies if I offended anyone with this lead sentence. I struggled to find an analogy that works for infections spread by physical contact and which involve mobility, and airborne medical outbreaks just didn't work.

[n3td3v]

"Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus..."

There is no security through obscurity.

[Peleg72]

Obscurity? It is more like inanity.
Instead of limiting the US army personal and by that reducing the organization?s efficiency there is a solution to this "disease".
Malware is defiantly not a new threat and I wonder why any time a big organization like the US army faces such an attack, their immediate response is not reasonable.
The US Army Must maintain its mobility and also to secure its sensitive information.
SanDisk Enterprise recently released a secure USB drive with McAfee malware protection.
I read all about it in their <a href="http://www.sandisk-enterprise.com/blog"> secure USB drive blog </a>"
Thinking of it, any private person who faces malware would protect himself from why and not stopping to use his computer, right? so why not the US Army does so?
:) So guys (from the US Army) talk to SanDisk they might save you some trouble.

[DaClyde]

The continued incompetence by DoD IT people is staggering. They have piles of regulations that they refuse to enforce consistently, don't provide the training or staff in the areas that are having the most problems and are very big on ignoring preventative security policies, preferring to crack down AFTER a problem has arisen.

There's nothing that has happened on a DoD network that properly applied group policies or updated virus scanners wouldn't have caught or prevented. And nothing will change after whatever caused this crack down. This knee-jerk ban would practically cripple certain DoD projects that depend on removable media if actually enforced on all levels.

And CDs? Seriously?

[tech_crazy]

"Thumb drives aren't the only culprits; any device that plugs into a USB port--including gadgets like lights, fans, speakers, toys, even a digital microscope--can be used to spread malware, Ollmann said. "

Seriously, lights and fans? All they hook up to are the power pins in the USB connector.

[blueshore]

Partially right. Some USB hardware has some flash memory to store drivers (like the Sprint or at&t USB modem cards), Other are just using the power pins. But it makes you wonder if it is possible to infiltrate a flash memory into a fan or a light (or a mug warmer).

Revenge of the Furby?

[Mr. Dee]

The network at the institution I attended was brought to its knees because of thumb drives. The viruses kept propagating because everybody plugged in the thumb drives in every computer willy nilly. Symantec was never updated or the server was not distributing definitions properly. The server itself was brought down a few times, even when Symantec EndPoint did remove the viruses, malware and Trojans they left back residue of Administrative privileges being disabled through group policy, we had to repair it with a tool called RRT. Thumb drives when cleaned kept getting reinfected because persons laptops including mine were infected and the cycle just continued. I just came to a point where I said, I am not putting my thumb drive in any computer on campus. The only computer I did put my thumb drive in was a friends MacBook Pro and that was just for OS X. Her boot camp installation of XP even got infected, thank goodness I created a bunch of system restore points for her. So every time she got infected and Trojans disabled admin privileges I simply restored to an early point in time before the virus infected the system and created a new system restore point. I did this also for my friends XP and Vista note books. I also told them to stop plugging in the Ethernet cables in their laptops and use the wi-fi instead. A majority of the lab PC's were running Windows 2000 Professional which does not include Auto-Run like XP, but when thumb drives are plugged in they must be initialized and the vulnerabilities take advantage of that window of opportunity, so the system still gets infected. One particular worm called Brontok is known for propagation on the network and there are different variants. So even when you did catch one with your AV you still didn't catch because another variant had already been created. Its quite obvious that the problem is not Windows 2000, because even friends running Vista 64 bit with all its built in security features such as Standard Admin account, ASLR, Patch Guard, Driver Signing, Windows Defender, Firewall on and AV on top of that was still vulnerable.

[catch23]

BS. Vista running at standard user would do jack. At least nothing that will compromise the system.
Peddle your worthless FUD elsewhere.

[Mr. Dee]

catch23, I am just telling real experiences, no lies.

[alegr]

"Standard Admin"? WHat's that? Ther is Administrator and Limited User. Under UAC, Administrator session runs mostly under Restricted token, unless a process starts with elevation, which removes restriction. But this is a kludge anyway. Just use Limited User accounts.

[Penguinisto]

Heya folks - y'all do know that malware doesn't need to run under elevated privileges to operate as a zombie or as an SMTP spam-pump, right?

/P

[nopinktoday]

Pretty creepy. So now every time I plug in my PSP to my desktop, ima pray to the heavens for no Trojans.

No more Trojans mommy!

[lkrupp]

"Seriously, lights and fans? All they hook up to are the power pins in the USB connector."

That's the beauty of FUD. It doesn't have to make sense.

[Perry_Clease]

"Pretty creepy. So now every time I plug in my PSP to my desktop, ima pray to the heavens for no Trojans."

Well if a sailor was wearing a Trojan then he wouldn't spreading/getting viruses while on shore leave. :)

"My sincere apologies if I offended anyone with this lead sentence. I struggled to find an analogy that works for infections spread by physical contact and which involve mobility, and airborne medical outbreaks just didn't work."

I spent over 20 years in the US Navy and never once spread a virus. :)

For an analogy that "covers" your bases, how about; Spreading a virus like a sick kid with the flu and coughing while on a transcontinental flight.

[benjwah]

Sweden has soldiers?

[dmm]

Yeah, that's what the secret information was.

[cyberspittle]

Does this affect Linux computers? No? Hmmm.

[imacpwr]

Conveniently forgot to mention whIch OS this is affecting.....??? When is the USA government ever going to get smart and switch to a safe(r) operating system. Heck, anything would be safer than M$...!!

[celticbrewer]

Anyone care to post the link to the research showing that macs have more vulnerabilities than PCs?

I'm sure if businesses and the government switched to another OS (including Linux, cyberspittle), the malware writers would quickly churn out programs for those OSes. NOTHING that is networked or that allows peripherals is, or ever will be, totally secure. Deal with it!

[afterhours]

Picking on sailors? No offense taken -- I'm sure you could point to one or two instances where they outmatched, say, journalism students on a Saturday night, or office workers at a Christmas party, or Congressmen in the Page lounge, or...

[strongheartshadow]

I read the story and I noticed just how quick some guy was to jump on the Department of Defense.
Maybe the reader did not notice that the soldier was Swedish. They are not part of our Military!
The Tax collector was British! He's not our's either! Quite possibly the DOD is responding cautiously; that's not a bad thing..

As for brains it's good thing that person is not handling security in this country. We would be in a real mess!

[steventhompson77]

naevius usb antivirus helps protect you from viruses spreaded from USB storage devices.