Monday, July 23, 2007

New Risks in Using USB Flash Drives

Cybercriminals are increasingly targeting portable USB drives as a way of spreading viruses, according to security experts.

ARC Training has long warned about the dangers of such devices being used by employees to steal information. - a typical 4Gb client database can be copied in about 6 minutes with most off-the-shelf sticks and only a small percentage of companies exercise any control over these devices – but now hackers have created malware programs that specifically target removable drives.

Examples of infectious malware seen in recent weeks include a Trojan than permanently deletes data from a users computer and another that purports to provide information about HIV/AIDS, while infecting the PC.

Security experts at Sophos advise that users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.

These, and other IT security issues, are discussed in Security Management Stage 1.