1 in 8 malware attacks come from USB devices

AutoRun is the key attack point.

Research has found that one out of every eight attacks on computers enters via a USB device.

The AutoRun feature in Microsoft Windows operating systems has been named as the key attack point. Jan Sirmer, analyst at the Avast Virus Lab, said that while AutoRun is a really useful tool, it is also a way to spread more than two-thirds of current malware.

He said: “The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, which were also spread via infected memory sticks. Cyber criminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario.”

Avast, which conducted the research, said that when a USB device starts an executable file, it invites a wide array of malware into the computer. The incoming malware copies itself into the core of the Windows OS and can replicate itself each time the computer is started. The generic detection term for this type of worm is 'INF:AutoRun-gen2 [Wrm]'.

Sirmer said: “In a work environment, staff will often bring in their own USB memory sticks to move files around. This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines' anti-virus software.

“Detecting AutoRun-gen2 is complicated by the growing memory of USB devices and more complex obfuscation techniques. A full scan can take up to an hour for a one terabyte device, so people will skip this entirely or just go for a quicker on-access scan.

“This danger is poised to increase with the introduction of the new USB 3.0 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways of how to obfuscate their work. Once I found ‘y0u c4nt st0p us’ in the middle of some code; they know they are in the lead.”

See original article on scmagazineus.com


Copyright © SC Magazine, US edition