09 Nov 2010

USB devices favored by cyber criminals

According to an antivirus company, USB devices are responsible for 12.5 percent of computer attacks, which exploit the Windows AutoRun function.

In one week last month, the company recorded 700,000 attacks on its users’ computers. One out of every eight attacks came from USB devices. The company said the attacks exploit Windows’ AutoRun feature, which alerts users when a USB device, such as a flash drive, is inserted into the computer. It provides the user with a list of applications with which they can run the files on the device.

"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware,” said Jan Sirmer, a virus analyst for the company in a blog post. "Cyber[ ]criminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario."

The Stuxnet botnet is one of the most notable malware strains to spread via USB ports. Stuxnet made headlines when it infected computers in an Iranian nuclear power plant, where it had spread through an infected flash drive.