By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    A Malware Classification -Kaspersky Daily
    8 months ago
    Superfish: adware preinstalled on Lenovo laptops
    8 months ago
    Russian-speaking cyber spies from Turla APT group exploit satellites
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    5 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    5 days ago
    Safeguards against firmware signed with stolen MSI keys
    7 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    7 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro released and the 128 GB version already sold out at the online Microsoft Store [Updated]
    8 months ago
    Windows 11 build 22622.590 (KB5017846) outs in the Beta Channel
    8 months ago
    How to protect computer from virus and hackers on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Nine years of Project Galileo and how the last year has changed it
    Nine years of Project Galileo and how the last year has changed it
    19 hours ago
    Dynamic data collection with Zaraz Worker Variables
    Dynamic data collection with Zaraz Worker Variables
    4 days ago
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    5 days ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    5 days ago
    What is two-factor authentication | Kaspersky official blog
    1 week ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Easter egg “I am a teapot” on Google
    8 months ago
    How to block ads with Adguard DNS in Android
    8 months ago
    How to reduce video quality in Chrome?
    8 months ago
    Latest News
    How to generate SSH keys on Windows 11
    9 hours ago
    How to enable file sharing on WSA for Windows 11
    9 hours ago
    How to add CPU, GPU, RAM widgets on Windows 11
    5 days ago
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: Don’t plug in random USB sticks
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Don’t plug in random USB sticks

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
6 Min Read

I am not sure about you, but [sarcasm on] my ABSOLUTE FAVORITE THING is opening my mailbox to find unsolicited mail. You know, junk mail [sarcasm off].

Raise your hand if you are with me.

OK, all kidding aside, no one likes to find unwanted things in their virtual or physical mailbox. Even so, marketing wonks will show that direct mail — even untargeted direct mail — will convert some people to paying customers.

So why are we talking marketing on a security blog?

Glad you asked. You see, police in Melbourne, Australia recently began warning citizens not to plug USB sticks that show up in mailboxes into their computers.

“The USB drives are believed to be extremely harmful, and members of the public are urged to avoid plugging them into their computers or other devices,” the police warned.

Police warn of malware-laden USB sticks dropped in letterboxes https://t.co/0klHtOxmBM

— The Register (@TheRegister) September 21, 2016

I guess the criminals thought, hey, it worked for AOL, when planning out this strategy to get people to install malware on their machines without having to resort to traditional cybercrime methods.

The tactic may seem quite old-fashioned, but it is actually not uncommon for businesses to be infected with targeted malware via a malicious USB dropped by an attacker in a parking lot. Earlier this year, we reported on a similar experiment researcher Elie Bursztein conducted to examine the results of dropping USB sticks around a college campus. A surprising 48% of those dropped were inserted into a computer.

By playing a numbers game, the criminals could have a good success rate. We hope the warning from the police came in time.

You receive a #USB in the mail. Do you insert it into YOUR computer?

— Kaspersky Lab (@kaspersky) September 22, 2016

Although this story happens to center on a city in Australia, it still highlights a piece of personal security that needs reinforcing now and then: Never plug unknown devices into your computer.

Sure, it may be easy to stereotype the people who would plug in these devices: uneducated, elderly, or non-savvy. That’s simply not the case. Bursztein’s test shows even digital natives on college campuses will give in to temptation and plug in a seemingly free device.

Autorun settings may take USB-borne malware to another level, too. If a computer is set up to run programs on USB drives automatically, plugging one in can start a chain reaction. If the payload is ransomware, for example, it will automatically lock files and leave the user looking for a ransomware decryptor or paying the crooks.

Other types of malware log keystrokes, steal sensitive information, or just bombard them with adware. Then there are the system killers.

Aside from the aforementioned bad things, people who plug found devices into their computers could also be setting themselves back a pretty penny by killing their devices.

It may sound quite the piece of science fiction, but it’s true: A USB device can fry a computer through the port. This month saw reports that USB Killer 2.0 was out for physical destruction. In principle, the device draws power into the device through the USB port and then shoots it back into the computer, causing the circuitry to fail. Computer pricing varies by model and power, but it’s safe to say no one really wants to have to buy a new one immediately.

But I have AV and will scan the device first…

Sure, antivirus software provides critical defense against malware. But we can’t let you go without sharing another problem with surprise USB drives: Malware may not be the only danger lurking on that piece of removable media.

As the old saying goes, possession is nine-tenths of the law. In the case of the found USB, this can have grave implications for the finder. Removable media could hold illegally obtained documents, illicit pictures, bank account information, and more. And though the finder may simply see things that, well, they cannot unsee, simply possessing some kinds of files could make them an accessory to a crime.

So: A quick show of digital hands, here. Who likes opening junk mail? Who thrills to the mystery of found media?

The real question should really be: Is it worth it?

If you have friends, family or coworkers who would insert the USB, please share this post with them. After all, they will probably be reaching out to you to help fix it.


Source: kaspersky.com

Translate this article

TAGGED: Authentication, Malware, PoC, Port scanning, RC4, Security, Software, Threats, YouTube
Vitus White October 13, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to generate SSH keys on Windows 11
News 12 hours ago
How to enable file sharing on WSA for Windows 11
News 12 hours ago
Nine years of Project Galileo and how the last year has changed it
Nine years of Project Galileo and how the last year has changed it
Apps 19 hours ago
Dynamic data collection with Zaraz Worker Variables
Dynamic data collection with Zaraz Worker Variables
Apps 4 days ago
How to add CPU, GPU, RAM widgets on Windows 11
News 5 days ago

Recent Posts

  • How to generate SSH keys on Windows 11
  • How to enable file sharing on WSA for Windows 11
  • Nine years of Project Galileo and how the last year has changed it
  • Dynamic data collection with Zaraz Worker Variables
  • How to add CPU, GPU, RAM widgets on Windows 11

You Might Also Like

News

How to generate SSH keys on Windows 11

12 hours ago
Nine years of Project Galileo and how the last year has changed it
Apps

Nine years of Project Galileo and how the last year has changed it

19 hours ago
Dynamic data collection with Zaraz Worker Variables
Apps

Dynamic data collection with Zaraz Worker Variables

4 days ago
Reduce latency and increase cache hits with Regional Tiered Cache
Apps

Reduce latency and increase cache hits with Regional Tiered Cache

5 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Previous Next
Hot News
How to generate SSH keys on Windows 11
How to enable file sharing on WSA for Windows 11
Nine years of Project Galileo and how the last year has changed it
Dynamic data collection with Zaraz Worker Variables
How to add CPU, GPU, RAM widgets on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?