Forgot your password?
typodupeerror
Australia Data Storage Security IT

Two-Thirds of Lost USB Drives Carry Malware 196

Posted by samzenpus
from the bugs-everywhere dept.
itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."
This discussion has been archived. No new comments can be posted.

Two-Thirds of Lost USB Drives Carry Malware

Comments Filter:
  • Mac (Score:5, Insightful)

    by cyachallenge (2521604) on Wednesday December 07, 2011 @05:56PM (#38295960)
    FTA

    One interesting aspect of the results was that based on their data and formatting seven of the infected storage devices belonged to Mac OS X users or had been extensively used under this OS.

  • Truecrypt? (Score:3, Insightful)

    by shellster_dude (1261444) on Wednesday December 07, 2011 @05:56PM (#38295964)
    How would they know if it had been encrypted by something like Truecrypt which is designed to be invisible to prying eyes?
  • Encryption (Score:5, Insightful)

    by Hatta (162192) on Wednesday December 07, 2011 @05:58PM (#38295982) Journal

    The whole point of portable USB sticks is to access your data from strange computers. Plugging an encrypted USB stick into a strange computer completely defeats the point of the encryption. None of my USB sticks are encrypted; they don't need to be because they have no personal information on them.

  • Re:Truecrypt? (Score:5, Insightful)

    by mr1911 (1942298) on Wednesday December 07, 2011 @06:01PM (#38296016)
    TrueCrypt does not make invisible containers. It makes encrypted containers.

    There is an exception for the container hidden in an container, but that only offers plausible deniability as the existence of the larger container is obvious.
  • Conclusions (Score:5, Insightful)

    by Rudisaurus (675580) on Wednesday December 07, 2011 @06:01PM (#38296026)
    Conclusions you can draw from this study: people who ride transit and lose their USB memory stick while doing so are

    (a) unlikely to encrypt the contents of their memory stick, and
    (b) prone to malware infections

    I'm not certain that this group is representative of the general population, however.
  • by BitterOak (537666) on Wednesday December 07, 2011 @06:18PM (#38296236)

    .. they were lost by the 10% of commuters stupid enough to lose an USB stick.

    Why is this modded troll? Is it unreasonable to assume there might be some correlation between those people who are less careful with possessions and those who are less careful about encryption/malware, etc.? I'm not suggesting that it is impossible for a very careful person to drop something or have it fall through an unknown hole in the pocket, but at the same time, I don't think it is unreasonable to suspect that a population of those who left their USB sticks on the subway aren't necessarily perfectly representative of the population of USB stick users as a whole.

  • Re:Truecrypt? (Score:4, Insightful)

    by shellster_dude (1261444) on Wednesday December 07, 2011 @06:20PM (#38296260)
    Still, how would they know if some sort of stenography was being implemented, or if I had a Truecrypt volume called "ProgramA.bin"?
  • Re:Sample issues (Score:5, Insightful)

    by icebike (68054) on Wednesday December 07, 2011 @06:22PM (#38296276)

    This isn't lost USB sticks - this is USB sticks that were lost and weren't reclaimed long enough to end up in a transit authority auction.

    Auctioning these thing seems the height of irresponsibility. I wonder what legal ramifications there are for the Rail Corporation in releasing private information, (even if accidentally lost) to total strangers.

    From TFA:

    he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

  • by The Mister Purple (2525152) on Wednesday December 07, 2011 @06:26PM (#38296338) Homepage
    That hadn't occurred to me. I wonder if the study included a security audit of the CityRail computers?
  • by icebike (68054) on Wednesday December 07, 2011 @06:27PM (#38296342)

    My thoughts exactly.

    None of these (256 meg to 8 Gig) were so valuable that their destruction would have been considered a huge waste, and the potential damage to the forgetful owner could be massive. You would think that the LEAST they could do was format them, which itself is far from fool proof. But releasing them intact just seems dumb, even if not illegal.

    he Sophos researchers found personal information belonging to the former owners of the devices, as well as their families, friends and colleagues. The recovered files included images, documents, source code, audio files, video files, XML files and even AutoCAD drawings.

  • Summary... (Score:5, Insightful)

    by Chelloveck (14643) on Wednesday December 07, 2011 @06:27PM (#38296344) Homepage
    Anti-virus vendor says there's yet another way to get a virus, and you need their product even more. Film at eleven.
  • by aix tom (902140) on Wednesday December 07, 2011 @06:50PM (#38296582)

    People who lose stuff are not necessarily more "stupid", but they are definitely more "careless"

    And yes, people who care enough to double-check all their possessions lose less than people who don't.

    And the people who double-check their possessions are probably also the ones who double-check their virus scanner and/or their encryption.

    It has little to do with "stupid". In fact, one of the stereotypes of a careless person is the highly intelligent "absent minded professor"

  • by nine-times (778537) <nine.times@gmail.com> on Wednesday December 07, 2011 @07:00PM (#38296712) Homepage
    It seems likely that people who are careless also lose things more often.
  • by jabberw0k (62554) on Wednesday December 07, 2011 @07:17PM (#38296896) Homepage Journal

    most lost USB sticks are being handed into lost property rather than being plugged into computers by users.

    100% of items handed in, have been handed in -- what a surprise! How do they track lost items that were not handed in? This is as accurate as Gracie Allen's telephone poll -- 100% of people she phoned, had a phone.

  • Re:Conclusions (Score:2, Insightful)

    by BasilBrush (643681) on Wednesday December 07, 2011 @07:28PM (#38297006)

    Conclusions you can draw from this study: people who ride transit...
    I'm not certain that this group is representative of the general population, however.

    You must be American.

Time sharing: The use of many people by the computer.

Working...