This blog intends to educate the general public about the security risks pertaining to pen drives (aka USB sticks/drives, thumb/removable drives), data storage devices that can store text, images, music, videos, etc., and ways of mitigating the risks.
These devices come in handy when the user wants to transfer data between computers. They’re small in size but can hold large amounts of data. However, the utility and ubiquity of pen drives introduce significant security risks.
Pen drives pose a major security challenge to IT administrators. Some surveys indicate that 70% of businesses have reported loss of data through USB. Being small, pen drives can easily be misplaced or stolen and, if data is not backed up, it can mean loss of hours of hard work. An even bigger challenge is to prevent infection through already infected USB drives.
The Autoplay feature in Windows is the key route to automatically infect PCs as soon as the infected pen drives are plugged-in. This autoplay feature causes removable media such as pen drives, CDs, etc. to open automatically when they are inserted into a computer.
Hackers and autorun worms use the autoplay feature to run malicious executables from removable drives. USB as an infection vector is not new; many older but infamous families of malware, notably Conficker, Sality and Gamarue use USB as part of their infection vector.
It is to be noted that many computers still have Windows XP, for which Microsoft withdrew support in April 2014, installed. Windows XP is popular among PC users especially in India, and has the autoplay feature enabled by default. Thus they are at greater risk of an autorun infection on their system than users who have updated their computer’s OS to recent versions of the Windows Operating System such as Windows 7. It is interesting to mention that most of these autorun worms originated in Asia.
Pen drives also provide an opportunity for malware to spread to stand-alone computers that are not connected to any network. The person carrying the infected pen drive, knowingly or unknowingly, bridges the air gap between the stand-alone computer and the network. It is of high probability that a pen drive used on one infected system (provided the infection on the system is capable of spreading itself) gets itself infected, thus spreading the infection to healthy computers when simply inserted into them.
Hence we advise users to practice one or more of the following recommendations to overcome the risks associated with using pen drives:
- Scan the pen drives for malware after sharing with your friends or family as a precaution against infections. Even if you have an up-to-date, reputable Anti-Virus Security product installed on your computer, your friends and family might not on theirs.
- Avoid using pen drives on public computers, e.g. at Internet cafes.
- If you have not already done so, install a world-class, up-to-date antivirus product like K7 Total Security.
- Use the autoscan feature, if any, in your Anti-Virus product to automatically scan all USB drives as they are connected to the system. Also schedule frequent, automatic scans on your PC to keep it infection-free.
- To prevent loss or theft of data, you may block USB devices from being used on your system. K7 Total Security has features to block pen drives and restrict read-write access to USB drives.
- Vaccinate your pen drive to ensure that it does not get infected by an Autorun worm even if it is used on an infected machine.
Images courtesy of:
Manager – K7 Support