madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Malware-infected USB drives distributed at security conference

By | May 23, 2008, 5:38am PDT

Summary: The folks at Australian mega-telco Telstra are wiping eggs from their faces after distributing malware-infected USB drives to attendees at this year’s AusCERT security conference. AusCERT’s marketing manager Claire Groves confirmed the USB sticks came certified pre-owned (thanks Dan Geer) and were given out at a tutorial at the conference. “It was only yesterday at (a) tutorial,” [...]

Certified pre-owned: USB stick malwareThe folks at Australian mega-telco Telstra are wiping eggs from their faces after distributing malware-infected USB drives to attendees at this year’s AusCERT security conference.

AusCERT’s marketing manager Claire Groves confirmed the USB sticks came certified pre-owned (thanks Dan Geer) and were given out at a tutorial at the conference.

“It was only yesterday at (a) tutorial,” she said. “Telstra handed out USB sticks which they didn’t know were infected.”

“As soon as they found out they recalled them,” Groves added.

According to a SearchSecurity report, the malicious file was of the “autorun” variety, programmed to be run automatically when removable  drives are inserted into a computer.  According to estimates, about one-tenth  all malware is designed to use portable storage media, such as removable USB drives, as an attack and spread vector.

Hat tip to Drazen Drazic of the Beast or Buddha blog.

* Image credit: jacobgarcia’s Flickr photostream (Creative Commons 2.0)

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Telstra Corp., AusCERT, Malware, USB Flash Drive, Conference, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 39 Talkback(s)

  • more reasons to go Linux
    When even the windoze security pros get infected, it's time to move on greener pastures like Linux.
    ZDNet Gravatar
    Linux Geek
    23rd May 2008
  • Yeah, and then stop doing 90% of the work I do. No thanks..
    Again, obscurity does not equate to security. Haven't you zealots learn that yet.
    ZDNet Gravatar
    transposeIT
    26th May 2008
  • And what work would that be?
    nt
    ZDNet Gravatar
    tracy anne
    21st Nov 2008
  • more reasons to go Linux
    I agree, I made the switch from Microsoft to trouble free Linux in 1997.Until windows is rewritten with new code, it will still be an insecure piece of crapware..
    ZDNet Gravatar
    jestewart1
    20th Nov 2008
  • Oh, like Dvorak said months ago
    Computer Hell

    Unless the computer is re-architected from scratch, which will not happen in the next 100 years, we are set on a path of never-ending misery. Windows Vista proves it.

    John C. Dvorak
    PC Magazine
    Jan 29, 2007
    ZDNet Gravatar
    brian ansorge
    20th Nov 2008
  • yawn
    I use Linux, windows and Solaris at work. While *nix may be more secure, it's certainly not easier to use. As much as Ubuntu has raised the bar on the Linux UI, it's still got little glitches that drive me crazy.

    When I click on a tab to change terminals, i frequently have the tab become a separate terminal. Why? Because the UI thinks the the mouse is still down, and thus this is a drag event. When running Linux in Virtual Box, it's significantly slower than running XP or Vista in Virtual Box or virtual PC.

    Stability? I think Linux is a stable environment. But then I think XP and Vista are too. Has Windows locked up? It's rare, but it happens. Does Linux lock up? It's rare, but it happens.

    Just be happy that the masses aren't moving to linux, or you'd find out how quickly *nix flaws are exploited.
    ZDNet Gravatar
    notsofast
    20th Nov 2008
  • Well
    quote::I use Linux, windows and Solaris at work. While *nix may be more secure, it's certainly not easier to use. As much as Ubuntu has raised the bar on the Linux UI, it's still got little glitches that drive me crazy.


    Don't use Ubuntu then. Use Mandriva , it's Linux too, and more user friendly than Ubuntu, always has been. All my "Little Old Ladies" use Mandriva Linux, and none of them have any desire to learn the command line or even learn anything particularly technical about computers.
    ZDNet Gravatar
    tracy anne
    21st Nov 2008
  • RE: Malware-infected USB drives distributed at security conference
    Beast or Buddha!!! Best Infosec blog in the industry!
    ZDNet Gravatar
    FK1G
    23rd May 2008
  • Actually, one of the better groups to distribute it to
    Who better to deal with the problem than security people?
    ZDNet Gravatar
    ejhonda
    23rd May 2008
  • It doesn't get better than this
    Security experts inexplicably dispensing malware at a security enclave. Like lab scientists bringing a contagious and toxic vial to a medical consortium or focus group, when they meant to bring a harmless placebo. So who's your daddy now?

    Would love to know the extent of the damage done, and the required remedy called for in this case.
    ZDNet Gravatar
    klumper
    23rd May 2008
  • Just turn off AutoRun
    ... you won't miss it.

    http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html
    ZDNet Gravatar
    forrestgump2000@...
    24th May 2008
  • Thanks!
    Good to know.
    ZDNet Gravatar
    Azathoth
    21st Nov 2008
  • RE: Malware-infected USB drives distributed at security conference
    I recently read that 77% use their personal usb drives to remove authorized or unauthorized information from corporate computers. The survey also said that IT Directors surveyed felt that 35% did this, obviously someone is mis-informed. We have found that Advanced Systems USB Lock ST or RP provides a cost effective means to control USB ports and more. http://www.laptopsecuritysolutions.com/advanced_systems.htm
    ZDNet Gravatar
    tomg1234
    24th Jun 2008
  • If only someone would write a Linux virus... but nobody cares.
    ZDNet Gravatar
    Arapey
    19th Nov 2008
  • Maybe they can't...
    I find it hard to believe that it hasn't happened already...
    ZDNet Gravatar
    hasta la Vista, bah-bie
    20th Nov 2008
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
Click Here