Infected USB keys a threat to business IT networks, Sophos warns

Businesses have been warned to remain wary of stray USB keys after an experiment conducted by security firm Sophos found that a majority of random keys left on public transport contained malicious software.

The experiment comes just 18 months after computer giant IBM suffered an embarrassing failure last year when a small number of USB keys handed out at its Australian conference were confirmed to have contained a piece of malware.

In Sophos’ new experiment, the company obtained 50 USB keys that were left in the lost and found section of Sydney’s CityRail system. It then examined each one – 66% were found to contain at least one piece of malware.

Sophos head of technology in Asia-Pacific, Paul Ducklin, says he was surprised the number of infected keys was so high.

“It’s not dramatic, it’s not the end of the world, but I was surprised. I thought it’d probably be about 25%, but when it was two-thirds, I thought, this doesn’t reflect very well on our collective attitude to malware.”

The other surprising find was that none of the keys appeared to have any sort of encryption.

“Even when there were files on these keys that could have given away limited information, there was no encryption. I would have been able to find out some information about what was going on here.”

“At some point, the owners of these keys that are sharing a whole photo album or other information, they should have thought that all of this information could have revealed some private details.”

At least one of the keys contained a copy of the Conficker virus – a major virus that brought down thousands of computers in the past few years, including those in Government departments worldwide.

And while Ducklin says the experiment isn’t a major one – and he admits the sample size is small – he nevertheless says it’s a reminder for businesses that they need to lock down their networks from foreign USB keys that don’t have any sort of encryption.

“The primary way malware gets into organisations is by spreading through networks. It can spread via the internet, but the main way it occurs is through USB keys.

“USB keys are doing a lot of dirty work and that’s why businesses need to watch out for them.”

Ducklin also says any individuals using a USB key need to apply some sort of encryption, even if they’re using a Mac.

“There may be some people who think they don’t need encryption or virus software because they’re using a Mac. But the keys we found that appeared to have come from Mac users – at least some of them were infected.”

“None appeared to be using encryption. Somehow, I think if the people who owned these keys knew they were being analysed, they would change their minds.”
