USB Devices Responsible for 1 in 8 Malware Attacks
Study by security software developer AVAST finds that hackers are exploiting the AutoRun function in portable USB flash memory devices to infect PCs and mobile devices.
USB devices are handy, powerful and convenient. They're also a major headache for IT security administrators because they're almost impossible to police and they can spread malware like wildfire.
Security software developer AVAST Software did some monitoring and research and came to the conclusion that roughly one in eight of the 700,000-plus malware incidents it identified this year were the direct result of tainted USB devices.
Researchers said the prime vulnerability is found in the "AutoRun" feature in the Microsoft Windows operating system. AutoRun alerts computer users when a new device, such as a memory stick is connected and is designed to help them choose which application should run with the new files.
"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware," Jan Sirmer, a security analyst at AVAST, said in the report. "The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers."
"Cybercriminals are taking advantage of peoples natural inclination to share with their friends and the growing memory capacity of USB devices," he added. " Put these two factors together and we have an interesting scenario."
To IT administrators, there's nothing interesting about a USB leak that exposes intellectual property or gives hackers an opening to spread malware throughout their corporate networks.
As more and more employees familiarize themselves with the legitimate benefits of USB sticks and other portable devices that they connect -- authorized or not -- to their company-issued PCs and mobile devices, the bigger the threat.
Leading security software vendors, including McAfee (NYSE: MFE) and Symantec (NASDAQ: SYMC), have issued numerous advisories warning companies and consumers of the inherent security risks of allowing workers to drag in all these portable storage and media-sharing devices to the office.
AVAST researchers said that USB storage devices infected by the INF:AutoRun-gen2 virus were wreaking havoc in the enterprise, infecting not only the device they connect to, but the entire network of PCs and mobile devices sharing the same local-area connections.
It's not just USB sticks that are gumming up the works. Smartphones, digital cameras and MP3 players are just as insecure and there's an alarming lack of supervision within most companies that's allowing these security threats to promulgate.
"In a work environment, staff will often bring in their own USB memory sticks to move files around, Sirmer said. "This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines antivirus software."
Between 2000 and 2009, security researchers found that portable storage and media player devices were largely responsible for an exponential increase in new security signatures issued by leading security software vendors. Symantec alone said the number of new signatures --essentially the fixes for the malware leaks -- rose from 1,500 in 2000 to more than 2.5 million last year.
Security consulting and research firm the Ponemon Institute found that more than 800,000 data-sensitive devices, including USB drives, portable hard drives and laptops, were compromised last year.
AVAST researchers claim that more than 60 percent of all malware in circulation can be spread via USB drives and advises consumers and enterprises to make sure their AV applications are configured to immediately conduct auto-scans of any device connected to a PC or mobile device once their attached to the network.
To keep up-to-date with portable storage threats, follow eSecurityPlanet on Twitter @eSecurityP.