1-in-4 worms spread through infected USB devices
Flash drive attack vector remains popular, says security company
Computerworld - Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices.
"Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security, in a statement Thursday. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user."
While a quarter of all 2010's worms rely on USB devices to spread to other PCs, a recent Panda survey of more than 10,000 small- and medium-sized firms found that 27% of those victimized by a malware infection in the last year reported that the attack had originated with infected USB hardware, primarily flash drives.
Other devices that connect to PCs via USB, including smartphones, cameras and music players, also are a threat, added Corrons. "All these devices have memory cards or internal memories and therefore it is very easy for your cell phone, say, to be carrying a virus without your knowledge," he said.
The Stuxnet worm was one of the year's high-profile threats that relied on USB drives. In July, Stuxnet targeted PCs running software that managed large-scale industrial control systems in major manufacturing and utility companies by exploiting a then-unpatched vulnerability in Windows's shortcut files.
When users viewed the contents of an infected USB drive with a file manager like Windows Explorer, Stuxnet loaded itself onto the PC.
Microsoft issued an emergency "out-of-band" security update on Aug. 2 to plug the shortcut hole.
The USB infection vector isn't new. Two years ago, the Conficker worm made headlines worldwide after it spread using flash drives, among other avenues.
Earlier this week, U.S Deputy Defense Secretary William Lynn revealed that the U.S. Central Command's (CENTCOM) network was compromised after an infected USB drive was plugged into one of the network's PCs. CENTCOM is the military's joint regional command responsible for the Middle East, including Iraq and Afghanistan.
After Conficker's appearance, Microsoft patched Windows to fix a bug that prevented users from disabling "AutoRun," the mechanism that hackers used to automatically infect PCs when USB drives were plugged in. The company also changed AutoRun's behavior in Windows 7 to stymie such attacks.
Today, Corrons touted "USB Vaccine," a utility he said completely disables AutoRun. The tool can be downloaded from Panda's Web site; although USB Vaccine is free, users must provide their name, phone number and e-mail address before downloading.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at
@gkeizer or subscribe to Gregg's RSS feed
. His e-mail address is gkeizer@ix.netcom.com.
Read more about Security in Computerworld's Security Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...
- CA Technology Brief: CA Point of View: Content Aware Identity & Access Management
- This paper explores the concept of content-aware IAM, describes the integrated architecture for this new approach, and highlights the benefits that this approach...
- Google: Security for Google Apps Messaging & Collaboration
- Content provided by Google
Find out about how Google creates a security-based platform for Google Apps, covering topics like information security, physical security, and... - An Interactive Guide: Bring Your Own Device
- BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
- Fundamental Principles of Network Security
- This paper covers the fundamentals of secure networking systems, including firewalls, network topology and secure protocols. Best practices are also given that introduce... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts