
Two-Thirds of Lost USB Drives Carry Malware

itwbennett writes "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."

  • Re:Encryption (Score:5, Informative)

    by Anonymous Coward on Wednesday December 07, 2011 @06:06PM (#38296106)
    That's not the only point of USB sticks - they can also be used to synchronise two trusted computers at different locations. I use one for just this purpose. However, mine is encrypted.
  • by 1729 ( 581437 ) <slashdot1729&gmail,com> on Wednesday December 07, 2011 @06:20PM (#38296258)

    This is a routine trick in a security audit: drop some USB sticks in the employee parking lot, and see how many folks just plug it into their computer.

  • Re:Truecrypt? (Score:5, Informative)

    by black3d ( 1648913 ) on Wednesday December 07, 2011 @06:24PM (#38296308)

    Truecrypt isn't designed to be invisible at all. Aside from entirely encrypted drives, it's fairly obvious if someone HAS encrypted data. Truecrypt is about hiding that data via hidden partitions within outer encrypted containers, and plausible deniability.

    Truecrypt volumes are generally detectable:
    http://www.jadsoftware.com/?page_id=89 [jadsoftware.com]
    https://code.google.com/p/tcdiscover/ [google.com]
    And if the researchers discovered drives that are filled entirely with random data, then they know they're either securely formatted or encrypted, and would likely consider them the latter - if they're securely formatted the file system appears intact. If the entire drive is encrypted (or securely erased from the MBR up) then the FS is not intact, and it's a fair bet that the researchers are claiming they found all sticks with intact file systems, formatted to the same volume as the stick, with single partitions.

    As are those hidden within files:
    http://16s.us/TCHunt/index.php [16s.us]

    But - the reason for the ramble: Never make the mistake of thinking Truecrypt is invisible. It's not. What's "invisible" should be your second hidden volume within the Truecrypt container - if you've set it up correctly. And there have previously even been attacks on that, in the event attackers are able to gain access to the external container. Work on your plausible deniability. Don't rely on TC to do the work for you or you'll end up with leaks everywhere.
    http://www.schneier.com/paper-truecrypt-dfs.pdf [schneier.com]
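
Added example, not part of the comment above or of any tool it links to: a Python sketch of the kind of heuristic the comment describes, flagging data that is sector-aligned, has no known file header and shows a uniform byte distribution. The size floor, chi-square bounds, magic-number list and sample inputs are assumptions constructed for illustration, and the check cannot tell an encrypted container from randomly overwritten space.

```python
import hashlib
from collections import Counter

SECTOR = 512                       # containers are a whole number of sectors
MIN_SIZE = 16 * 1024               # assumed floor, to skip tiny files
CHI_LOW, CHI_HIGH = 150.0, 400.0   # assumed bounds around the expected value 255
# A few well-known file signatures; a real scanner would carry many more.
MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\xff\xd8\xff",
         b"\x1f\x8b", b"MZ", b"Rar!", b"7z\xbc\xaf")


def chi_square(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_like_encrypted_container(data: bytes) -> bool:
    """True when data is sector-aligned, headerless and statistically random."""
    if len(data) < MIN_SIZE or len(data) % SECTOR:
        return False
    if data.startswith(MAGIC):
        return False
    # 255 degrees of freedom: random data scores near 255, structured data far above.
    return CHI_LOW < chi_square(data) < CHI_HIGH


def constructed_samples() -> dict:
    """Constructed inputs; hash-counter output stands in for ciphertext."""
    rnd = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(2048))                       # 64 KiB
    fat = (b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 501) * 128      # boot-sector-like, 64 KiB
    return {
        "random_like": rnd,                    # headerless, uniform bytes
        "fat_like": fat,                       # intact-looking structure, mostly zeros
        "zip_header": b"PK\x03\x04" + rnd[4:], # random body behind a known signature
        "truncated": rnd[:-100],               # not a multiple of 512 bytes
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:12} chi2={chi_square(blob):12.1f} "
              f"flagged={looks_like_encrypted_container(blob)}")
```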

  • by MurukeshM ( 1901690 ) on Wednesday December 07, 2011 @06:48PM (#38296546)
    They considered that angle. But then

    Ducklin said that the likelihood of the USB sticks being left on trains on purpose by hackers or penetration testers so they are picked up by corporate users and plugged into their work computers, is very low.

    "We didn't find any evidence to support the theory that the USB sticks had been deliberately planted," said Graham Cluley, a senior technology consultant at the company.

    "The malware involved was mostly very prevalent, general-purpose, zombie stuff," Ducklin explained. The security expert believes that this method of malware distribution is not even viable because most lost USB sticks are being handed into lost property rather than being plugged into computers by users.