Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

One in eight malware attacks are via a USB device, study shows

Of 700 000 recorded attacks monitored by Avast in the last week in October, 13.5% came through USB devices the researchers said.

The key attack point for malware is the AutoRun feature in Microsoft Windows operating systems, they said.

The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, said Jan Sirmer, analyst at Avast Virus Lab.

"Cyber-criminals are taking advantage of people's natural inclination to share with their friends and the growing memory capacity of USB devices," he said.

Any infected USB device, but most commonly memory sticks, typically starts an executable file that pulls in a vast array of malware that is copied to Windows.

"In a work environment, staff will often bring in their own USB memory sticks to move files around," said Sirmer.

"This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines' antivirus software," he said.

Detecting AutoRun malware is complicated by the growing memory of USB devices and more complex obfuscation techniques, said Sirmer.

"This danger is poised to increase with the introduction of the new USB 3 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways to obfuscate their work," he said.

This story was first published by Computer Weekly