By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    What is a rootkit and how to remove it
    12 months ago
    The Mask – Unveiling the World’s Most Sophisticated APT Campaign
    12 months ago
    Regin APT Attacks Among the Most Sophisticated Ever Analyzed
    12 months ago
    Latest News
    Two privilege escalation vulnerability in Simple Membership Plugin
    11 hours ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
    7 days ago
    Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
    1 week ago
    Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    For 0-day vulnerabilities in Windows, temporary patches
    11 months ago
    Windows 11 22H2 (build 22621.317) outs in the Release Preview Channel
    12 months ago
    How to avoid problems installing Windows 11 22H2
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    7 months ago
    Now you can speed up any video in your browser
    7 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    8 months ago
  • How To
    How ToShow More
    How to get the latest Windows 11 innovations
    14 hours ago
    Dynamic Lighting is now available on Windows 11
    14 hours ago
    Writing poems using LLama 2 on Workers AI
    Writing poems using LLama 2 on Workers AI
    14 hours ago
    serverless GPU-powered inference on Cloudflare’s global network
    serverless GPU-powered inference on Cloudflare’s global network
    14 hours ago
    You can now use WebGPU in Cloudflare Workers
    You can now use WebGPU in Cloudflare Workers
    14 hours ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Checking the uniqueness of the logo
    11 months ago
    How to listen to Vkontakte music without restrictions?
    11 months ago
    The real sizes of countries on the map
    11 months ago
    Latest News
    How to install September 2023 update with 23H2 features for Windows 11
    19 hours ago
    How to uninstall September update (KB5030310) from Windows 11
    19 hours ago
    How to remove the quiet mode icon in the corner of the iPhone 15 screen ProiPhone 15 Pro and iPhone
    2 days ago
    Sberbank has figured out how to effectively catch scammers – it will listen to everything you
    2 days ago
  • Glossary
  • My Bookmarks
Reading: Don’t plug in random USB sticks
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Don’t plug in random USB sticks

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
6 Min Read

I am not sure about you, but [sarcasm on] my ABSOLUTE FAVORITE THING is opening my mailbox to find unsolicited mail. You know, junk mail [sarcasm off].

Raise your hand if you are with me.

OK, all kidding aside, no one likes to find unwanted things in their virtual or physical mailbox. Even so, marketing wonks will show that direct mail — even untargeted direct mail — will convert some people to paying customers.

So why are we talking marketing on a security blog?

Glad you asked. You see, police in Melbourne, Australia recently began warning citizens not to plug USB sticks that show up in mailboxes into their computers.

“The USB drives are believed to be extremely harmful, and members of the public are urged to avoid plugging them into their computers or other devices,” the police warned.

Police warn of malware-laden USB sticks dropped in letterboxes https://t.co/0klHtOxmBM

— The Register (@TheRegister) September 21, 2016

I guess the criminals thought, hey, it worked for AOL, when planning out this strategy to get people to install malware on their machines without having to resort to traditional cybercrime methods.

The tactic may seem quite old-fashioned, but it is actually not uncommon for businesses to be infected with targeted malware via a malicious USB dropped by an attacker in a parking lot. Earlier this year, we reported on a similar experiment researcher Elie Bursztein conducted to examine the results of dropping USB sticks around a college campus. A surprising 48% of those dropped were inserted into a computer.

By playing a numbers game, the criminals could have a good success rate. We hope the warning from the police came in time.

You receive a #USB in the mail. Do you insert it into YOUR computer?

— Kaspersky Lab (@kaspersky) September 22, 2016

Although this story happens to center on a city in Australia, it still highlights a piece of personal security that needs reinforcing now and then: Never plug unknown devices into your computer.

Sure, it may be easy to stereotype the people who would plug in these devices: uneducated, elderly, or non-savvy. That’s simply not the case. Bursztein’s test shows even digital natives on college campuses will give in to temptation and plug in a seemingly free device.

Autorun settings may take USB-borne malware to another level, too. If a computer is set up to run programs on USB drives automatically, plugging one in can start a chain reaction. If the payload is ransomware, for example, it will automatically lock files and leave the user looking for a ransomware decryptor or paying the crooks.

Other types of malware log keystrokes, steal sensitive information, or just bombard them with adware. Then there are the system killers.

Aside from the aforementioned bad things, people who plug found devices into their computers could also be setting themselves back a pretty penny by killing their devices.

It may sound quite the piece of science fiction, but it’s true: A USB device can fry a computer through the port. This month saw reports that USB Killer 2.0 was out for physical destruction. In principle, the device draws power into the device through the USB port and then shoots it back into the computer, causing the circuitry to fail. Computer pricing varies by model and power, but it’s safe to say no one really wants to have to buy a new one immediately.

But I have AV and will scan the device first…

Sure, antivirus software provides critical defense against malware. But we can’t let you go without sharing another problem with surprise USB drives: Malware may not be the only danger lurking on that piece of removable media.

As the old saying goes, possession is nine-tenths of the law. In the case of the found USB, this can have grave implications for the finder. Removable media could hold illegally obtained documents, illicit pictures, bank account information, and more. And though the finder may simply see things that, well, they cannot unsee, simply possessing some kinds of files could make them an accessory to a crime.

So: A quick show of digital hands, here. Who likes opening junk mail? Who thrills to the mystery of found media?

The real question should really be: Is it worth it?

If you have friends, family or coworkers who would insert the USB, please share this post with them. After all, they will probably be reaching out to you to help fix it.


Source: kaspersky.com

Translate this article

TAGGED: Authentication, Malware, PoC, Port scanning, RC4, Security, Software, Threats, YouTube
Vitus White October 13, 2022 September 30, 2019
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Two privilege escalation vulnerability in Simple Membership Plugin
Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats 14 hours ago
How to get the latest Windows 11 innovations
Windows 14 hours ago
Dynamic Lighting is now available on Windows 11
Windows 14 hours ago
Writing poems using LLama 2 on Workers AI
Writing poems using LLama 2 on Workers AI
Apps 14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
serverless GPU-powered inference on Cloudflare’s global network
Apps 14 hours ago

You Might Also Like

Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats

Two privilege escalation vulnerability in Simple Membership Plugin

14 hours ago
Windows

How to get the latest Windows 11 innovations

14 hours ago
Writing poems using LLama 2 on Workers AI
Apps

Writing poems using LLama 2 on Workers AI

14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
Apps

serverless GPU-powered inference on Cloudflare’s global network

14 hours ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
Critical Vulnerability in Forminator Plugin
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme
How to download Windows 11 22H2 ISO after 23H2 releases
Previous Next

10 New Stories

You can now use WebGPU in Cloudflare Workers
How to install September 2023 update with 23H2 features for Windows 11
How to uninstall September update (KB5030310) from Windows 11
Traffic anomalies and notifications with Cloudflare Radar
Sippy helps you avoid egress fees while incrementally migrating data from S3 to R2
the modern way to connect and protect your clouds, networks, applications and users
Previous Next
Hot News
Two privilege escalation vulnerability in Simple Membership Plugin
How to get the latest Windows 11 innovations
Dynamic Lighting is now available on Windows 11
Writing poems using LLama 2 on Workers AI
serverless GPU-powered inference on Cloudflare’s global network
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?