Handing Out USB Flash Drives Like Business Cards

This has been going on at trade shows for some time. They replaced the "free" cdrom.

Den tirsdag den 21. januar 2014 00.33.33 UTC+1 skrev snipped-for-privacy@gmail.com:

great way to distribute a virus, even if you turn off autorun a usb stick can pretend to be a cdrom and still autorun

-Lasse

Hmmmm....

great way to distribute a virus? you betcha recently received a usb stick from an ISP in my snail mail box. neat board. Board thickness same as the USB connector size, complete with memory chip. can be delivered at standard letter rates.

straight in the bin after I did a postmortem on the hardware, why chance it?

--
Don McKenzie 

All Olimex products now 30%+ off normal Olimex Prices. 

Now 50% OFF. Only $18 for an Olinuxino Linux PC: 
http://www.dontronics-shop.com/olinuxino.html 

The World's Cheapest Computer: 
DuinoMite the PIC32 $20 Basic Computer-MicroController 
http://www.dontronics-shop.com/the-maximite-computer.html 
Add VGA Monitor/TV, and PS2 Keyboard, or use USB Terminal 
Arduino Shield, Programmed in Basic, or C.

Great way to conduct espionage as well, as was recently discovered.

Sylvia.

Yep. That's how I got the only virus I've ever gotten--from a customer, giving me technical data on one of his company's logo'd USB sticks.

The virus still haunts the boot sectors of two computers I was too annoyed to ever reload.

I told him "Your USB drive trashed two of my computers." He said "Yeah, we've been seeing that."

Cheers, James Arthur

"Malware isn?t the only problem. USB drives are so small they?re easy t o lose. In 2008, for example, British dry cleaners found an estimated 9,000 forgotten USB memory sticks in people?s pants pockets, according to a re cent survey from Credant Technologies, a Texas data security company. In a separate survey, Credant found that more than 12,500 handheld devices, incl uding USB drives, get left behind in taxi cabs in London and New York every six months. If a lost or stolen USB drive contains sensitive personal information that ?s not encrypted or secure -- and a lot of data on USB devices isn?t, a ccording to security experts -- it opens the door for identity theft and ot her types of cyber crime."

The world is doomed.

Norton claims they can stop flash drive malware, worms, viruses, and whatev ers, also protect lost drive from being hacked:

On Mon, 20 Jan 2014 15:33:33 -0800 (PST), snipped-for-privacy@gmail.com Gave us:

We are not allowed to do any such thing in facilities with gov contracts.

On Tue, 21 Jan 2014 11:51:24 +1100, Don McKenzie Gave us:

That is why you keep an old, not-on-the-network PC around to use for checking out media like this.

You put it on the net to keep its stuff up to date, but not while using it as a detective.

On Monday, January 20, 2014 11:31:04 PM UTC-5, DecadentLinuxUserNumeroUno w rote:

Tell that to Bradley Manning and Edward Snowden, and then that Chinese guy who walked off with NASA's entire technical library on his laptop. Then the re was this dumb Iranian who never heard of sticks, unless he deliberately let himself be captured as a decoy:

iran

Yep, I've got a Linear Technology / Arrow one. One of my customers looked into doing it ~5 years ago.

--

John Devereux

hell, it can pretend to be a keyboard.

--
For a good time: install ntp 

--- news://freenews.netfront.net/ - complaints: news@netfront.net ---

Even greater way to carry away insane amounts of data. Micro sD 32GB cards are about optimal at present.

It is a recognised method for penetrating nominally secure networks. Drop a few choice malware infested USB sticks around the entrance to the target organisation or worse still give delegates infected USB freebies! Just don't get caught doing it or your reputation is shredded as has happened with NSA & GCHQ after Snowden spilled the beans.

There is always one wally that will plug an unknown provenance found drive into their works PC just to see what is on it. You can defend against these risks but few corporate sites are adequately protected.

Corporates for some reason seem to use some of the worst AV products in existence - slow and ineffective. I presume they get them very cheap.

Curiosity killed the cat and let the big bad wolf in.

--
Regards, 
Martin Brown

Yeah, automated or taking wifi direction.. But then any system, hard disk, keyboard, hard disk or printer could be part of an attack and not just in a passive way but actively. Why would you think the gear you already have doesn't have flea sized processors spying or waiting to be activated? Is there any security software that can check the operating code inside of a CDROM/DVDROM drive, operating code inside of a hard disk drive, operating code inside of a keyboard or piggy backed on some other component in your existing systems?

If you want to drop them around a company entrance, put that company's logo on it. Your chances of someone plugging it in go up dramatically. Put some email looking files on it and another file named "Salary and Performance Reviews.zip". You have a real good chance that zip will get opened....

--
Chisolm 
Republic of Texas

to lose. In 2008, for example, British dry cleaners found an estimated 9,0

00 forgotten USB memory sticks in people?s pants pockets, according to a recent survey from Credant Technologies, a Texas data security company. In a separate survey, Credant found that more than 12,500 handheld devices, in cluding USB drives, get left behind in taxi cabs in London and New York eve ry six months.

t?s not encrypted or secure -- and a lot of data on USB devices isn?t, according to security experts -- it opens the door for identity theft and o ther types of cyber crime."

evers, also protect lost drive from being hacked:

my experience with antivirus is that it seems the way they protect you from virus is by loading the cpu so hard that no code other than the virus scanner gets any run time ;)

-Lasse

yes it can pretend to be any usb device, but I think flash/dvd drive would be the most obvious choice the OS already have build support for automatically running code

-Lasse

LOL- or DownsizeContingencyRedundantEmployeesDir.zip

Keyboard imitation could work too. Have it fire up a browser and point it to your favourite malware infested site. Or have it pop up a command line window and explicitly run the malware also stored on the flash device.