1 in 8 malware attacks come from USB device

Research has found that one out of every eight attacks on computers enters via a USB device.

The AutoRun feature in Microsoft Windows operating systems has been named as the key attack point. Jan Sirmer, analyst at the Avast Virus Lab, said that while AutoRun is a really useful tool it is also a way to spread more than two-thirds of current malware.

He said: “The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, which were also spread via infected memory sticks. Cyber criminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario.”

Avast, who conducted the research, said that when a USB device starts an executable file it then invites a wide array of malware into the computer. The incoming malware copies itself into the core of the Windows OS and can replicate itself each time the computer is started. The generic detection term for this type of worm is 'INF:AutoRun-gen2 [Wrm]'.

Sirmer said: “In a work environment, staff will often bring in their own USB memory sticks to move files around. This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines' anti-virus software.

“Detecting AutoRun-gen2 is complicated by the growing memory of USB devices and more complex obfuscation techniques. A full scan can take up to an hour for a one terabyte device, so people will skip this entirely or just go for a quicker on-access scan.

“This danger is poised to increase with the introduction of the new USB 3.0 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways of how to obfuscate their work. Once I found ‘y0u c4nt st0p us' in the middle of some code; they know they are in the lead.”

See original article on scmagazineus.com