How autorun and keylogging programs compromise your USB safety: Internet Scambusters #432
Sneaky tricks using compromised flash drives prompt us to sound a USB safety alert.
Flash drives, thumb drives, pen drives, USB drives — call them what you will — may make portable computing and data storage a breeze but they can also carry a dangerous payload.
We explain how in this week’s issue, and send up a warning about the sale of cheap USB drives online.
Let’s check out today’s…
USB Safety Alert
While many people think of computer security as an Internet access issue, USB safety and scams relating to these popular “thumb drives” should not be overlooked.
Those rectangular USB ports on PCs have become an essential part of everyday computing.
We connect all manner of devices with them to store and transfer data, from hard drives to digital cameras.
But the USB storage devices, also sometimes known as “flash drives” or, in Europe, “pen drives,” pose a particular security threat because of their easy portability and increasing capacity.
They’re used to steal information, to install malware on PCs and even to con people into buying them when they’re next to useless.
And, as usual, the ingenuity of crooks pulling fast ones knows no boundaries.
For instance, the New York Times reported recently that employees of a company found a number of USB drives bearing the firm’s logo scattered around its parking lot.
Curiosity being what it is, several employees picked them up, took them into the office and plugged them into their PCs to see what was on them.
They found what appeared to be a document but when they clicked on the icon, it installed malware that was intended to steal confidential information directly from the company’s computer network.
USB Safety and Autorun
It’s not a giant leap to imagine some home users might do the same thing and infect their own machines with malware.
In fact, you wouldn’t necessarily have to do anything more than plug the device into your machine for it to become infected.
That’s because many Windows-based PCs are set to “autorun” when a disc or drive is newly connected to them.
As soon as you insert the drive, a small program runs, scanning the drive to see what’s on it.
If that program has been doctored, it may also invisibly install malware.
Fortunately, you can do something about this.
Windows 7 does not allow autorun on USB drives but it will permit CDs and DVDs to do so.
You can switch these off too, if you want, via Control Panel > All Control Panel Items > AutoPlay.
Microsoft has also begun to update earlier versions of Windows to similarly restrict autorun.
At the time of this writing, this was being offered as an optional update, with Microsoft promising to make it automatic — eventually.
The technical details are beyond the scope of this article, but you can find out more about it from Internet security firm F-Secure in their article, News of AutoRun’s Death Has Been Greatly Exaggerated.
The site also offers a link to a Microsoft page that explains how to totally disable the autorun feature.
Of course, if you have up-to-date Internet security software, this should also detect any attempt to install malware.
But not always… if you plug in the USB drive before you switch on your PC, a virus or spyware program could begin running before your malware protection kicks in.
And if anyone gives you a USB drive (or you find one!), have your autorun disabled and scan it for viruses before using it.
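The instructions that autorun acts on live in a small text file named autorun.inf at the top level of the disc or drive. The following is an added example, not part of the original article: it reads the text of such a file and lists the entries that ask Windows to start a program, without running anything from the drive. The function name and the sample file are constructed for illustration.

```python
import configparser

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample for illustration; not taken from a real drive.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=setup.exe /quiet
icon=folder.ico
action=Open folder to view files
shell\\explore\\command=setup.exe
label=Company Documents
"""

def launch_entries(inf_text):
    """Return (key, command) pairs from autorun.inf text that start a program."""
    parser = configparser.RawConfigParser(
        strict=False,            # tolerate repeated keys
        delimiters=("=",),       # autorun.inf uses key=value only
        allow_no_value=True,     # tolerate stray lines without "="
    )
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return []                # no parsable section, nothing to report
    found = []
    for section in parser.sections():
        if section.strip().lower() != "autorun":   # section name is case-insensitive
            continue
        for key, value in parser.items(section):   # keys arrive lower-cased
            is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_shell_verb:
                found.append((key, value or ""))
    return found

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE_AUTORUN_INF):
        print(f"{key}: {command}")
```

A drive that holds only documents or photos has no reason to carry entries like these, so any result is a reason to leave the drive alone until it has been scanned.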
How Keyloggers Threaten USB Safety
A more blatant use of USB drives to steal information comes in the shape of key-loggers — malware programs that record every key press on a computer.
Computers in public and shared-use locations like libraries and colleges are especially vulnerable.
In a recent incident in the UK, a keylogging USB drive was found plugged into the back of a PC in a public library.
If it hadn’t been spotted by an assistant who was checking the machine’s connections, it would have collected all those keystrokes for the crook who, presumably, would have come along later and removed it.
The two key USB safety lessons here are: first, to do a quick visual check for thumb drives in any shared PC you use; and second, don’t key confidential information into “public” PCs.
Even if you don’t see a connected USB drive, the machine may still have a key-logger installed.
USB Drive Scams
As the data we use and store on our PCs grows, so too does our hunger for higher-capacity storage devices, including USB flash drives.
Crooks, mainly based in China, Hong Kong and India, have used the opportunity this creates for a scam by creating knock-off designs of well-known drives, chiefly the highly reputable Kingston brand, and lying about their supposed capacity.
These phony devices sometimes do work but have nowhere near the capacity claimed on the label.
Devices with claimed capacities of 32, 64 and even 128 gigabytes are being sold online, when they really only hold 4 or 8 gig.
Buyers can’t necessarily tell because the scammers hack the devices so that they show the wrong, higher capacity even when you check this on your PC.
You don’t find out until you run out of space far earlier than you thought you would.
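Because the reported size cannot be trusted, the reliable check is to fill the drive with known data and read all of it back. The following is an added example, not part of the original article, that shows the idea on a constructed model of a drive; the class, the function names and the wrap-around behaviour of the model are assumptions made for the demonstration.

```python
import hashlib

BLOCK = 4096  # bytes per test block

def pattern(index):
    """Unique, reproducible content for block number `index`."""
    seed = hashlib.sha256(index.to_bytes(8, "big")).digest()  # 32 bytes
    return seed * (BLOCK // len(seed))

class ModelDrive:
    """Constructed model for the demo: reports `claimed` blocks but stores
    only `real` blocks; writes past the real end wrap around and overwrite
    earlier blocks (assumed behaviour)."""
    def __init__(self, claimed, real):
        self.claimed, self.real = claimed, real
        self.cells = {}

    def write(self, index, data):
        self.cells[index % self.real] = data

    def read(self, index):
        return self.cells.get(index % self.real, bytes(BLOCK))

def verified_blocks(drive):
    """Write every claimed block first, then read every block back.
    Checking each block right after writing it would pass on a drive
    that wraps around, so the two passes must stay separate."""
    for i in range(drive.claimed):
        drive.write(i, pattern(i))
    return sum(drive.read(i) == pattern(i) for i in range(drive.claimed))

def report(drive):
    good = verified_blocks(drive)
    return {"claimed_blocks": drive.claimed,
            "verified_blocks": good,
            "genuine": good == drive.claimed}

if __name__ == "__main__":
    print(report(ModelDrive(claimed=32, real=4)))   # label says 32, holds 4
    print(report(ModelDrive(claimed=8, real=8)))    # honest drive
```

On a real drive the same two passes would write files until the drive is full and then re-read them, which erases nothing already stored only if the drive is empty to begin with.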
The giveaway on this USB scam is usually the price — a third or a quarter of what the genuine item would cost.
Time to repeat our favorite warning: “If it looks too good to be true, it probably is.”
This scam is the subject of a lot of debate on eBay forums, so check that site out for more information on what to look for and how to protect your interests.
Go to http://forums.ebay.com, click on the “Search” button and enter “USB drives.”
Let’s face it, USB drives are a boon — especially as we so often move data between PCs, both in the home and between home and work.
They’re light and easy to use and transport. But that’s also their weakness — it makes them vulnerable and potentially expensive.
So, be cautious rather than curious with others’ drives, be wary when using shared machines, and don’t fall for those cheap “high capacity” drives. Those are our simple rules for USB safety first!
That’s all for today — we’ll see you next week.