USB Flash Drives can transmit viruses

Posted by
On December 30, 2008

EdTechUSBFlash-01.jpgHere is a cheerful thought for the new year. According to this article from Campus Technology, USB flash drives can transmit computer viruses simply by inserting them into an available USB port on a machine and letting the system access the “autorun” feature of the USB flash drive.

At one conference, around 50% of the attendees wound up with an infected USB flash drive. One company actually distributed infected flash drives at a security conference (if you can believe it).

I really like the convenience flash drives offer for transferring files between machines. It is great to have the portability and universality of flash drives (they work on both Mac and PC machines). I use them all the time. Now we are told that flash drives are rapidly becoming a major vector for computer malware distribution. In one experiment a security company scattered several infected flash drives in a parking lot and observed the behavior of the people who picked up the flash drives (the contained malware that transmitted sensitive data to the computers at the security company–the security company was being paid by a bank to audit the security).

Social engineering in a very important and useful tool in the arsenal of malicious hackers. They rely on innate human behaviors to enable the infection of machines with malicious code. Most of us don’t really think twice about inserting an unknown USB flash drive (which is essentially the new floppy disk) into a machine and seeing what is on it.

What does this have to do with education? Well, I’ve been involved in discussions with at least one faculty member about how students should submit assignments. For one class, students create substantially large files (20 MB or more) for their assignments. In a class of 20, this can amount to around 500 MB (or more). This doesn’t really sound like too much space at first. However, multiply this amount of storage space by the number of classes taught by the instructor and then multiply it again by the number of faculty on this campus. It quickly becomes a very large amount of storage space required for assignments (especially if the instructor desires to hang onto assignments for multiple semesters). One possible solution is to have students obtain a relatively inexpensive 2-4 GB flash drive that contains backups of their course files (the originals should be stored on a more permanent machine such as their desktop or laptop, of course). This flash drive is then turned into the instructor at the end of the semester for grading.

Now, the instructor has to rely on the student’s good behavior in handling that flash drive. Students may inadvertently infect their flash drives by inserting into an infected machine. This is then turned in to the instructor who will subsequently infect their own machine. The instructor has no idea where the student’s flash drive has been. The student may not even realize they are carrying an infected flash drive.

For more information on good security practices, visit the IT Help Desk’s Security page.

Finally, this is a little off topic, but if you do a Google images search for “usb flash drive“, you will see some really cool looking flash drives in all shapes, colors, and sizes. I would steer clear of the pill-shaped USB flash drives. However, I do like the “Swiss Army Knife USB Flash Drive”.

Posted by

On December 30, 2008. Posted in New Technology, Security