Security Market Segment LS
Wednesday, 23 March 2016 17:50

USB flash drives load malware and steal data


One of the oldest pre-internet tricks to spread virus/malware was to leave a floppy disk or CD around with ‘must see’ content or programs on it. This concept has migrated to USB flash drives given out at trade shows, posted, or left around offices.

ESET,  a digital protection company, discovered a new data-stealing Trojan malware called USB Thief (Win32/PSW.Stealer.NAI) that affects Windows computers.

USB drives purporting to contain valuable content are infected and generally salted by cyber criminals around victim’s offices. This is important as the USB device also can collect information – the computer need not be connected to the internet – requiring someone to repatriate it to the cyber-criminal.

Once inserted, it uses Auto-run (executes on insertion) or shortcuts to get users to run it. USB thief has been found portable versions of popular applications such as Firefox, NotePad++ and TrueCrypt but it could infect any .exe file by inserting malware into the command chain via a plugin or a dynamically linked library (DLL).

It doesn’t leave any evidence on the infected computer. Users can have their data stolen without even noticing and without being online.

It also has mechanisms to protect the malware from being reproduced or copied, which makes it even harder to detect and analyse. “It seems that this malware was created for targeted attacks on systems isolated from the internet,” comments Tomáš Gardo, ESET Malware Analyst.

“Because it is USB-based, the malware is capable of attacks on systems isolated from the internet without leaving any traces. So the victims don’t notice that their data were stolen,” Gardo says.
“Another feature which makes this malware unusual is that not only it is USB-based, but it is also bound to a single USB device since it is intended that the malware shouldn't be duplicated or copied. This makes it very difficult to detect and analyse.”

How to protect against this threat:

  • Do not use USB storage devices from non-trustworthy sources!
  • Turn off Auto-run – but that will not help if you click to execute the program
  • Format all ‘stray’ USBs on a sandboxed computer – if you don’t need the content
  • If you suspect a USB stick use it on a sandboxed computer with no important information on it
  • Be aware that targeted organisations will require someone to repatriate the device to the cyber-criminal. They pay well for this service.
  • Regularly backup your data
  • Ask your organisation to implement policies for external digital storage devices to avoid information theft
  • Warn colleagues and your organisation to carefully work with USB storage
  • If you have very sensitive data to protect, protect USB devices with ESET or another antivirus application that specifically checks USB drives


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!



Recent Comments