One in eight malware attacks are via a USB device, study shows

A growing number of malware attacks are using plug-in USB devices, according to researchers at security firm Avast Software.

A growing number of malware attacks are using plug-in USB devices, according to researchers at security firm Avast Software.

Of 700,000 recorded attacks monitored by the firm in the last week in October, 13.5% came through USB devices the researchers said.

The key attack point for malware is the AutoRun feature in Microsoft Windows operating systems, they said.

The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, said Jan Sirmer, analyst at Avast Virus Lab.

"Cyber-criminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices," he said.

Any infected USB device, but most commonly memory sticks, typically starts an executable file that pulls in a vast array of malware that is copied to Windows.

"In a work environment, staff will often bring in their own USB memory sticks to move files around," said Sirmer.

"This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines' antivirus software," he said.

Detecting AutoRun malware is complicated by the growing memory of USB devices and more complex obfuscation techniques, said Sirmer

"This danger is poised to increase with the introduction of the new USB 3 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways how to obfuscate their work," he said.

USB safety tips

• Be aware. Around 60% of malware can now be spread via USB devices. This is an under-appreciated threat to home and business computers.

• Do not start attached. Turning on a PC with a USB device attached can result in malware being loaded directly to the computer ahead of some antivirus software.

• Scan first, look second. Make sure "on-access auto-scans" are enabled in your antivirus program.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.