Risks of Malware Infected USB Sticks
We recently ran across an article posted on Yahoo that reminded us of the threat that USB sticks can impose on a computer or device if it is infected with Malware. For example, a compromised USB stick that connects to a computer can install malicious code infecting the unit with malware or viruses. This machine which now contains malware can pass it on to other USB sticks that connect to it. It could start a chain reaction when these infected USB sticks get inserted into other computers, thus passing the virus along. One of the malware scenarios discussed in the article is a USB stick can act as a network card and direct internet browsers to malicious websites, according to Security Research Labs in Berlin. Other USB devices could also be compromised such as keyboards, smartphones, and cameras.
Also noted in a recent article by Network World, the majority of USB sticks can be manipulated to infect computers in a very stealth process. Most USB devices do not update or protect their firmware (the internal software running on them), so this allows a malware program to take control of the firmware and essentially take place of it. It basically becomes a virus that can reproduce itself. Some other examples of exploits by USB, as noted by Security Research Labs in Berlin, are USB devices taking over Keyboard commands, acting as a Gigabyte Network Card, and controlling DNS functionality.
The USB stick is a great device that is easy to use, has plug and play capabilities, small in size, and very compatible. These features also make it easy for the transfer of viruses and malware. Some ideas that are being tossed around for possible solutions include: manufacturer firmware updates, a more advanced security procedure within the OS when devices are connected to it (i.e. similar pairing process like Bluetooth or USB firewalls), or simply getting users to understand the risks involved
To read the Network world article in detail – click here
To read the Yahoo article in detail – click here