In an earlier post on whitelisting, I related the news that the U.S. Army has imposed a ban on USB flash drives, among other forms of portable media. Wired reports the ban on "USB sticks, flash media cards, CDs and other removable storage" was the result of security concerns and the proliferation of malware.
Indeed, I had a personal encounter with this type of malware just this week. One of the tasks for the day involved my students installing OpenOffice for the Linux environment. Due to the throttling imposed by the download site on the rather large 135MB package, I had each group pass me a flash drive in order to get a copy of the free office suite from me.
Guess what. Three out of five flash drives handed to me were infected with some form of malware. This was obvious from the autorun file within the drives, which is typically used to run applications automatically. In these three cases, an unprotected and typically configured computer would have executed the malware once the infected flash drive was plugged in. Fortunately, I had just installed antivirus software on my newly formatted laptop, which picked up the problem.
I'm not alone though -- my experience was corroborated by researchers at Symantec, who have observed an upswing in USB-based malware.
One obvious solution would be to disable the AutoRun functionality for removable media. Actual steps vary between operating systems, and I must add that Windows Vista has no straightforward option box to disable the AutoRun feature. The presence of antivirus or whitelisting software will obviously help, though another possibility suggested by Symantec officials is for businesses to set policies to stop USB storage devices from being used in the first place.
Moving forward, what lessons does the above news bear for the rest of us, especially SMBs? Rather than limit our thinking of the threat posed by USB devices to that of employees making off with company files, we need to open our minds to the malware threat posed by USB storage devices and be positioned to defend against this attack vector.