One social engineering tactic that hackers use is to try to get infected USB memory sticks into a potential target’s hands. They have been known to drop them outside target businesses, mail them unsolicited to corporate employees as a “gift”, and give them away as “promo” trinkets.
Hackers place malicious software on the memory stick and make it executable. They hope that the machines the sticks are plugged into have “autoplay/autorun” enabled. If so, once you put the USB stick into your computer, it installs the malware. This is usually a back door or some other type of program that connects from your workstation to the hacker’s machine.
Well, you would think getting one of these USBs at a security conference, from a major vendor, would be pretty safe. Not always, it seems: last week, IBM inadvertently gave out malware-infected USB sticks at a security conference. According to The Register, IBM apologized and released this letter:
At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.
The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and has been known since 2008.
The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.
Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.
The best policy is to not put unknown USB sticks into your machines. Also, if it is not specifically needed, make sure you have autoplay turned off on your system, especially on servers. Some newer operating systems have this off by default, and good corporate security policies have this turned off. If you need to turn autoplay off, a tutorial on changing group policy can be found at How-to Geek or, for Windows 7, at Techtalkz.
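To check whether autoplay is actually turned off on a given machine, you can read the value that the “Turn off Autoplay” group policy writes to the registry. The PowerShell script below is an added example, not part of the original post or of either tutorial; it reads NoDriveTypeAutoRun from the machine and user policy keys and reports which drive types still allow AutoRun.

```powershell
# Added example: audit the AutoRun policy on a Windows machine (read-only).
# NoDriveTypeAutoRun is a bitmask; a SET bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown drive types'           = 0x01
    'Removable drives (USB sticks)' = 0x04
    'Fixed drives'                  = 0x08
    'Network drives'                = 0x10
    'CD-ROM drives'                 = 0x20
    'RAM disks'                     = 0x40
    'Reserved / unknown'            = 0x80
}

# The machine-wide policy (HKLM) takes precedence over the per-user one (HKCU).
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunMask {
    foreach ($path in $PolicyPaths) {
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $path; Mask = [int]$item.NoDriveTypeAutoRun }
        }
    }
    return $null   # no policy value found in either hive
}

$result = Get-AutoRunMask
if ($null -eq $result) {
    Write-Output 'NoDriveTypeAutoRun is not set by policy; the operating system default applies.'
} else {
    Write-Output ('Policy source: {0}  value: 0x{1:X2}' -f $result.Source, $result.Mask)
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        $state = if ($result.Mask -band $entry.Value) { 'disabled' } else { 'ENABLED' }
        Write-Output ('  {0,-30} AutoRun {1}' -f $entry.Key, $state)
    }
    if (($result.Mask -band 0xFF) -eq 0xFF) {
        Write-Output 'AutoRun is disabled for all drive types.'
    } elseif (-not ($result.Mask -band 0x04)) {
        Write-Output 'WARNING: AutoRun is still enabled for removable drives.'
    }
}
```

A value of 0xFF means the policy covers every drive type; any result that shows removable drives as ENABLED leaves the machine exposed to the USB scenario described above.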