HORRIBLE NASTY malware attacks are worming their way into enterprises via USB devices.
According to PandaLabs, there has been a marked increase in the use of USB devices in offices, which correlates with an increase in malware attacks that exploit them.
During the slow, languid afternoons of summer, PandaLabs conducted a survey (PDF) among small and medium-sized businesses in the UK, Latin America and North America.
Based on the survey, PandaLabs released its second SMB Security Barometer, in which it found that almost half of all businesses had been infected by a worm in the last year, with a third of these spreading via USB devices. This, it explained, accounted for a quarter of all respondents.
It fingered "any device[s] capable of storing information: cell phones, external hard drives, DVDs, flash memories, MP3/4 players, etc." as the hosts for these attacks, and urged firms to lock them down in order to stop them from spreading their malicious payloads.
Luis Corrons, technical director of PandaLabs, warned that the ubiquity of the devices combined with the cavalier attitude of users to create a nightmare for systems, enterprises and indeed the world.
"At present, much of the malware in circulation has been designed to distribute through these devices. Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user. This has been the case with many infections we have seen this year, such as the distribution of the Mariposa and Vodafone botnets", he said, referring to those gittish chains of zombie computers that have caused so much havoc.
Speaking of havoc, USB-based malevolence was at the root of a significant attack on the US army in 2008, according to an article by William J Lynn, US Deputy Secretary of Defense, in Foreign Affairs magazine.
Lynn said that the DoD "suffered a significant compromise of its classified military computer networks" when someone, he said "a foreign intelligence agency", put some code on a USB key and shoved it into the network.
"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," he said, adding, "This previously classified incident was the most significant breach of U.S. military computers ever."
Careful Mr Lynn, that sounds like a challenge to us. µ
From a security perspective, yes, autorun is diabolical.
However, from an end user perspective (and by that I mean those that use computers outside the IT industry) it used to be a godsend.
Unfortunately many (most?) non-IT people really don't have a clue what to do with a new disc... Many still don't.
If the computer doesn't do anything when they insert their disc I've had users return them (both discs and drives) as "broken", when the reality was, autorun was disabled.
It's always a balancing act between security and user stupidity.
Unfortunately many of the features that make it really easy to use a computer, also present an unhealthily large attack surface :(
You need to load all the very latest Microsoft patches for your computer, including a fix for the disable-autorun feature sometimes letting autorun run after all, and I think a fix for the recent "Just looking at the folder contents in Windows Explorer harms your computer" vulnerability. And, yes, current anti-virus. Also, patch PowerPoint itself. Or... can you use OpenOffice? Not that it's totally safe either... and then you probably have to patch Java...
I saw a test of sample boxes of generic SD cards, 30 per box, from China. In a typical box 2 were formatted FAT32, 1 was completely dead, and 2 were infected with a virus and an autorun file. The remainder were formatted FAT16 and tested OK. The variety suggests an "irregular" origin too.
Obviously auto run needs to be killed. Most virus checkers will scan a new SD or other card plugged in automatically.
Sleeping with STD ridden whores will get you infected eventually no matter if you use condoms. Antivirus gives false sense of security. People need to learn and change their habits, not to stay ignorant and ask for more protection from themselves.
Two solutions in fact:
(1) Microsoft issues a patch that alters registry settings to defeat autorun by default;
(2) Business sysadmins should roll out the registry fix centrally, even before the patch becomes available.
I agree totally with bigger_luddite: autorun was a hostage to fortune from the very start, and should never have been a default. I am astonished that even with the benefit of hindsight, it is still the default for latest Windows versions.
I have to use my own laptop computer for student MS Power Point presentations. As you can imagine I am not overly thrilled by the idea. I have created a general user account with auto-run turned off. I have also used the Parental Control feature to lock out this account from all programmes except MS Power Point. Will this protect my computer? If not, could someone please advise me what actions need to be taken to effectively secure my laptop? Thank you for your help.
Is there a way to scan your usb flash drives to clean them?
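The comments above mention autorun files on removable media and ask how a drive can be checked. As an added example (not part of the article or of any commenter's post), this Python code parses an `autorun.inf` and lists the entries that would start a program; the function names and the sample file are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch (or offer) a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")   # shell\<verb>\command

def parse_autorun(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
        # anything else (junk padding, stray text) is ignored, not fatal
    return sections

def exec_directives(text):
    """List (key, command) pairs in [autorun] that would start a program."""
    autorun = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items()
            if k in EXEC_KEYS or SHELL_VERB.match(k)]

def scan_volume(root):
    """Find autorun.inf (any case) in a mounted volume's root and check it."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            # Files may be UTF-16 with a BOM; latin-1 never fails on the rest.
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return exec_directives(data.decode(enc))
    return []

# Constructed sample input, not taken from any real device.
SAMPLE = """\
; constructed example
xkqjz
[AutoRun]
Icon=drive.ico
Open=setup_helper.exe
shell\\explore\\Command=setup_helper.exe /x
"""

if __name__ == "__main__":
    print(exec_directives(SAMPLE))
```

Call `scan_volume` on the mount point of the inserted device from a machine where autorun is already disabled; an empty list means no launch entries were found in the root `autorun.inf`, not that the drive is free of malware.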
Making it the default, even stupider. Just the annoyance of having programs launch when inserting a CD is so far beyond ordinary stupidity that it could only have been deliberately done by the evil dimwits at M$.
If it's important to protect your systems, it's important to buy only truly secure USB Flash drives. SPYRUS makes drives that can be locked down to one or more PCs, so that they cannot be used outside of your organization. They also will prevent unauthorized flash drives from mounting. Finally, they are designed and manufactured in the USA in secure facilities using controlled parts, so that you don't need to worry that <insert has inserted a kill switch to be triggered when the cyberwar starts.
Data containment is what it's all about.