Sophos research: Beware USB drives abandoned on Sydney Commuter Train of Pestilence

Sophos finds Australian commuters lose lots of USB drives, have 'poor PC hygiene'

Stop crying about that flash drive you lost

Analysts from Sophos did something interesting in Australia recently: They went to the Sydney train station and took away three big bags of USB flash drives left by riders on commuter trains into and out of Sydney.

They returned the lost thumb drives to lost and found, but not without pulling out a sample of 50 to see how secure the drives were, how sensitive the data and how likely it would be that someone who randomly picked up a lost thumb drive could end up with hyper-valuable insider information.

What the Sophos researchers found was malware on two-thirds of the drives. What they didn't find were passwords.

Of the 50 drives they analyzed, ranging from 256 MB to 8 GB in size, 66 percent were infected with at least one form of malware; many were infected with more than one. None was encrypted or protected by even a password to keep its data from being stolen.

Most surprisingly, seven of the 33 infected drives either belonged to Mac OS X users or had been used primarily with Macintosh computers.

That shoots down the assumption Windows users may have that data or data-storage media from Apple users are safe, or at least less likely to be infected than the same kind of storage from a Windows user, according to Paul Ducklin, Sophos' head of technology in the Asia/Pacific region.

None of the drives held critically sensitive data, though many did have personal data on the drive owners and on their family and friends.

Most of the malware was the kind commonly found in spam email and other malware-infection vectors. None looked as if they'd been planted deliberately to spread the malware.

All looked as if the owners just didn't care enough about the USB drives, the data on them or the likelihood of carrying viruses around with them to scan the drives for malware, encrypt stored files or even put on a password to keep out the most casual attempts at intrusion.

"Sadly, I think the malware prevalence tells a simple story of poor PC hygiene," Ducklin concluded.

The result probably won't teach a lesson to those whose USB storage handling is a little unclean.

It should teach both IT and department managers that the music, smartphone and storage devices employees bring in are far more likely to be infected by malware than email that makes it through spam and AV filters inside the corporate firewall.

USB drives, however, are hand-carried by employees past the firewall and plugged directly into computers with solid access rights the malware can use to infect not only that machine, but desktops and servers one, two or even three network hops away.

USB keys may be the best source of malware infections on your network. If you're having a lot of trouble with repeated infections, try making users scan USB drives before anything can come off them onto the network.

It won't solve your problem, but it may block a lot of the viruses that show up on the network without IT or security knowing where they came from.

Oh, and stay off the commuter trains going in and out of Sydney. With that high a percentage of malware on the USB drives, there's no telling what else you might catch.
