Home Business IT Security USB flash drives load malware and steal data

One of the oldest pre-internet tricks to spread virus/malware was to leave a floppy disk or CD around with ‘must see’ content or programs on it. This concept has migrated to USB flash drives given out at trade shows, posted, or left around offices.

ESET,  a digital protection company, discovered a new data-stealing Trojan malware called USB Thief (Win32/PSW.Stealer.NAI) that affects Windows computers.

USB drives purporting to contain valuable content are infected and generally salted by cyber criminals around victim’s offices. This is important as the USB device also can collect information – the computer need not be connected to the internet – requiring someone to repatriate it to the cyber-criminal.

Once inserted, it uses Auto-run (executes on insertion) or shortcuts to get users to run it. USB thief has been found portable versions of popular applications such as Firefox, NotePad++ and TrueCrypt but it could infect any .exe file by inserting malware into the command chain via a plugin or a dynamically linked library (DLL).

It doesn’t leave any evidence on the infected computer. Users can have their data stolen without even noticing and without being online.

It also has mechanisms to protect the malware from being reproduced or copied, which makes it even harder to detect and analyse. “It seems that this malware was created for targeted attacks on systems isolated from the internet,” comments Tomáš Gardo, ESET Malware Analyst.

“Because it is USB-based, the malware is capable of attacks on systems isolated from the internet without leaving any traces. So the victims don’t notice that their data were stolen,” Gardo says.
“Another feature which makes this malware unusual is that not only it is USB-based, but it is also bound to a single USB device since it is intended that the malware shouldn't be duplicated or copied. This makes it very difficult to detect and analyse.”

How to protect against this threat:

  • Do not use USB storage devices from non-trustworthy sources!
  • Turn off Auto-run – but that will not help if you click to execute the program
  • Format all ‘stray’ USBs on a sandboxed computer – if you don’t need the content
  • If you suspect a USB stick use it on a sandboxed computer with no important information on it
  • Be aware that targeted organisations will require someone to repatriate the device to the cyber-criminal. They pay well for this service.
  • Regularly backup your data
  • Ask your organisation to implement policies for external digital storage devices to avoid information theft
  • Warn colleagues and your organisation to carefully work with USB storage
  • If you have very sensitive data to protect, protect USB devices with ESET or another antivirus application that specifically checks USB drives


With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!


Popular News




Sponsored News