Don’t Pick Up That Stray USB Flash Drive. It Could Be Dirty! – Tech Thursday
From the "Look what I found in the parking lot" security department, comes a story of a new way to try and get people to infect themselves with malware or a trojan horse program on their computer. It seems some clever people left some USB flash drives in a parking lot hoping for someone to find them and take them home and plug them into their computers and then steal their data.
DSM, a multinational Chemical company, was the target of this kind of attack. The attackers left the USB flash drives in the company parking lot hoping someone would take it to their work desk and plug it in to see what was on it. Instead, some very smart employees decided to take it to the company's IT department where they checked it out and found the malware.
The malware was designed t0 steal data from the machine it was plugged into and then send it to a remote site. The likely target was probably password data so the attackers could get into the company's network to steal even more data, infect more of their machines, or even hold their network hostage. But because the employees had an idea about computer security, it didn't work out too well for the attacker.
So when you see a USB drive just sitting there in the parking lot, don't pick it up hoping to find someone's girlfriend's dirty pictures for you to look at. It could be an attack from someone hoping to get lucky. But if you have an old machine that isn't on your network and you don't mind reformatting it later, sure, why not take a peek and see what's on it. Just don't be upset if it doesn't have naked pictures of women on it. If it is legit, then be the nice guy and try and return it to it's owner.