Malware-infected USB drives distributed at security conference

Malware-infected USB drives distributed at security conference

Summary: The folks at Australian mega-telco Telstra are wiping eggs from their faces after distributing malware-infected USB drives to attendees at this year's AusCERT security conference.AusCERT's marketing manager Claire Groves confirmed the USB sticks came certified pre-owned (thanks Dan Geer) and were given out at a tutorial at the conference.

SHARE:
39

Certified pre-owned: USB stick malwareThe folks at Australian mega-telco Telstra are wiping eggs from their faces after distributing malware-infected USB drives to attendees at this year's AusCERT security conference.

AusCERT's marketing manager Claire Groves confirmed the USB sticks came certified pre-owned (thanks Dan Geer) and were given out at a tutorial at the conference.

"It was only yesterday at (a) tutorial," she said. "Telstra handed out USB sticks which they didn't know were infected."

"As soon as they found out they recalled them," Groves added.

According to a SearchSecurity report, the malicious file was of the "autorun" variety, programmed to be run automatically when removable  drives are inserted into a computer.  According to estimates, about one-tenth  all malware is designed to use portable storage media, such as removable USB drives, as an attack and spread vector.

Hat tip to Drazen Drazic of the Beast or Buddha blog.

* Image credit: jacobgarcia's Flickr photostream (Creative Commons 2.0)

Topics: Hardware, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

39 comments
Log in or register to join the discussion
  • more reasons to go Linux

    When even the windoze security pros get infected, it's time to move on greener pastures like Linux.
    Linux Geek
    • Yeah, and then stop doing 90% of the work I do. No thanks..

      Again, obscurity does not equate to security. Haven't you zealots learn that yet.
      transposeIT
      • And what work would that be?

        nt
        tracy anne
    • more reasons to go Linux

      I agree, I made the switch from Microsoft to trouble free Linux in 1997.Until windows is rewritten with new code, it will still be an insecure piece of crapware..
      jestewart1
      • Oh, like Dvorak said months ago

        Computer Hell

        Unless the computer is re-architected from scratch, which will not happen in the next 100 years, we are set on a path of never-ending misery. Windows Vista proves it.

        John C. Dvorak
        PC Magazine
        Jan 29, 2007
        brian ansorge
    • yawn

      I use Linux, windows and Solaris at work. While *nix may be more secure, it's certainly not easier to use. As much as Ubuntu has raised the bar on the Linux UI, it's still got little glitches that drive me crazy.

      When I click on a tab to change terminals, i frequently have the tab become a separate terminal. Why? Because the UI thinks the the mouse is still down, and thus this is a drag event. When running Linux in Virtual Box, it's significantly slower than running XP or Vista in Virtual Box or virtual PC.

      Stability? I think Linux is a stable environment. But then I think XP and Vista are too. Has Windows locked up? It's rare, but it happens. Does Linux lock up? It's rare, but it happens.

      Just be happy that the masses aren't moving to linux, or you'd find out how quickly *nix flaws are exploited.
      notsofast
      • Well

        quote::I use Linux, windows and Solaris at work. While *nix may be more secure, it's certainly not easier to use. As much as Ubuntu has raised the bar on the Linux UI, it's still got little glitches that drive me crazy.


        Don't use Ubuntu then. Use Mandriva , it's Linux too, and more user friendly than Ubuntu, always has been. All my "Little Old Ladies" use Mandriva Linux, and none of them have any desire to learn the command line or even learn anything particularly technical about computers.
        tracy anne
  • RE: Malware-infected USB drives distributed at security conference

    Beast or Buddha!!! Best Infosec blog in the industry!
    FK1G
  • Actually, one of the better groups to distribute it to

    Who better to deal with the problem than security people?
    ejhonda
  • It doesn't get better than this

    Security experts inexplicably dispensing malware at a security enclave. Like lab scientists bringing a contagious and toxic vial to a medical consortium or focus group, when they meant to bring a harmless placebo. So who's your daddy now?

    Would love to know the extent of the damage done, and the required remedy called for in this case.
    klumper
  • Just turn off AutoRun

    ... you won't miss it.

    http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html
    forrestgump2000
    • Thanks!

      Good to know.
      Azathoth
  • RE: Malware-infected USB drives distributed at security conference

    I recently read that 77% use their personal usb drives to remove authorized or unauthorized information from corporate computers. The survey also said that IT Directors surveyed felt that 35% did this, obviously someone is mis-informed. We have found that Advanced Systems USB Lock ST or RP provides a cost effective means to control USB ports and more. http://www.laptopsecuritysolutions.com/advanced_systems.htm
    tomg1234
  • If only someone would write a Linux virus... but nobody cares.

    <eom>
    Arapey
    • Maybe they can't...

      I find it hard to believe that it hasn't happened already...
      hasta la Vista, bah-bie
      • Reel 'im in

        Caught a big one there!
        Timpraetor
      • While not widespread, they already have.

        http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
        Furiousrog
        • Troll alert

          Arapey was trolling in that original post.
          Timpraetor
          • Troll Alert

            Not only that, he typed <eom> "end of message" which was how, in the old days, you posted to the Yahoo Comments before they canceled them due to trolling. If he was a regular here, he'd know that, and also that if he didn't want to post a message, he'd get NT = "no text." You gotta love it!:-D
            QueenMama
        • Unconvinced

          While I don't believe any OS is invulnerable, I've yet to see a massive deployment of these 'viruses' beyond the test labs of the major anti-virus companies.

          Of course the anti-virus companies will push the issue. That's money in their pockets.
          hasta la Vista, bah-bie