Sophos: 66% of lost USB drives are infected, none are encrypted

By on December 7, 2011, 5:30 PM

A little over a year ago, Avast released a report informing computer users about the increasing number of malware attacks targeting USB drives and Windows' AutoRun feature. The security outfit warned that out of 700,000 attacks on computers that voluntarily submitted data, one out of eight (13.5%) came from USB devices. Similar findings were published today.

Sophos researchers have tested 50 USB drives and found that two-thirds (33) were infected. The drives were purchased at a train company's lost property auction, so they were presumably owned by passengers before being misplaced. During testing, Sophos found 62 infected files and the worst drive contained six infected files representing four items of malware.

The fact that the drives were lost in the first place suggests that the original owners weren't the most attentive individuals, but it's alarming nonetheless. Not only were most of the drives infected, none of them were encrypted. Being the upstanding folks they are, Sophos didn't dig too deep, but it identified 4443 directly-accessible files that included the following info:

  • Lists of tax deductions.
  • Minutes of an activists' meeting.
  • School and University assignments.
  • AutoCAD drawings of work projects.
  • Photo albums of family and friends.
  • A CV and job application.
  • Software and web source code.

Sophos noted that although it didn't find any OS X-specific malware, nine of the keys seemingly belonged to Mac owners and seven were infected. In other words, Windows users shouldn't unconditionally trust USB drives that come from Apple users -- especially if they don't have an antivirus installed on their computer. Relatively few Mac owners use an antivirus.

Considering the high rate of malware, people have questioned whether some of the infected USB drives may have been deviously planted on the trains, but Ducklin doesn't buy that theory. "I strongly doubt it," he said. "In particular, the malware involved was mostly very prevalent, general-purpose, zombie stuff (there was even a Conficker in the 'other' category."

Ducklin answered the question with a question: "Why plant USB keys on trains (many of which don't get plugged in -- they get handed in to lost property, as we found) when you can just use the Internet and save yourself a lot of money?" "I think the malware prevalence tells a simple story of poor PC hygiene, rather than an esoteric story of deliberate hacker activity."

Sophos offered a few tips that should help keep you safe. Naturally, you should use an antivirus -- even on your Mac. There are plenty of freebies available for all platforms. Secondly, you should encrypt your private data, especially if you're going to transport it in public. Sophos offers a free encryption tool and there are plenty of others around, such as TrueCrypt.




User Comments: 7

Got something to say? Post a comment
Zecias said:

This is why i never use autoplay xD

Guest said:

Took some photos on my usb in for printing & found that my key had been infected.

In the end those boxes are just pc's anyway...

Keep your AV updated!

NTAPRO NTAPRO said:

Wish I could come across these USB drives. I could use the extra storage :P

Lokalaskurar Lokalaskurar said:

As for poor PC (and to some extent, Mac) hygiene; I'm not surprised. What concerns me is the fact that the train auction folk's didn't wipe the drives before they went onto auction

There were sensitive data on the drives, after all...

Guest said:

I heard of a security firm doing a test by dropping infected USB's in the parking lot. Now the infection only alerted the security firm that it was active and was not malware. Just install TrueCrypt and you can at least protect your personal data.

Vicenarian said:

or get a write-protected Kanguru USB drive and be perfectly safe?

Guest said:

panda usb vaccine for usb and pc's.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.