Secure USB Drive

If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

Our anti-virus partner McAfee has released its Q2 Threats Report (PDF at link), and like the company’s Q1 report from earlier this year, it is sobering reading. 

The report says that spam volumes have increased by 140% since March, driven by major growth in botnet activity.  14 million new computers became parts of botnets in Q2 (that’s more than 150,000 per day), an increase of 16% over the previous quarter.

McAfee also reported growth in password-stealing Trojans, which is more proof that making money from illegal activity on the Internet is now a focus for criminal gangs.

The company also reported a surge in so-called Auto-Run malware, which exploits Windows’ Auto-Run capabilities and is most commonly spread via USB and portable devices.  As you’ll know, our Cruzer Enterprise with onboard McAfee AV can prevent the spread of malware via this vector, helping to protect corporate networks against this fast-emerging threat.

A major health organization in North East England, NHS South of Tyne and Wear, has deployed 800 SanDisk Cruzer Enterprise secure flash drives as part of a layered approach to device security.

The organisation has responded to UK Government drives for improved data security in the public sector, and is using FrontRange Solutions’ Device Wall to control the transfer of information to encrypted devices, alongside McAfee endpoint encryption and the SanDisk USB pen drives.

It has replaced 800 flash drives with the encrypted devices and once port control across all endpoints is enabled, staff will only be able to use their authorised, issued drive.

This entry in the TrustedSource blog of SanDisk’s anti-virus partner, McAfee, talks about the continued rise of malware which exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading.  But the blog entry makes the worthwhile point that other types of portable storage devices are also vulnerable to AutoRun worms, not just pen drives.

mp3 players, digital cameras and even digital picture frames are vulnerable, and what’s more, are just as likely as a thumb drive to be used in multiple machines — helping to spread the worm further. 

The message is, be careful when using any USB device – and keep your antivirus software up to date.

Network Products Guide, an industry-leading publication on information technologies and solutions, has named the Cruzer Enterprise with McAfee as a winner of its 2009 Product Innovation Awards, in the Portable Media category.

These awards recognize vendors whose innovative products bring essential changes to the information technology industry.  The Cruzer Enterprise with McAfee, introduced in October 2008, was the first USB security solution with onboard anti-virus scanning, protecting against worms, viruses and trojans that spread via removable storage media.

This capability is now a key element in endpoint and network security, thanks to the growth in malware which spreads via removable storage, including the Downadup / Conficker worm.

After several years when the malware threat was steadily diminishing, the latest quarterly threat report from our anti-virus partner McAfee shows that it’s on the rise again. 

Zombie computers, which are controlled remotely by spam botnets, grew by about 12 million PCs in the first quarter - a 50% increase since the last quarter of 2008, McAfee said.  This also exceeds the previous record by 1 million.

And while the much-discussed Conficker worm has yet to reveal a malicious payload or real threat following its rapid spread earlier this year, it is a sign of things to come, said the report.  AutoRun-based malware, which can use USB drives to spread to new PCs, was seen in far greater numbers than Conficker in Q1 2009 this quarter.

So it’s wise to use secure USB drives like our Cruzer Enterprise, that features onboard, integrated anti-virus scanning, to stop Auto-run malware spreading this way.

We’ve made some key updates to our solution range, and introduced an enhanced version of our CMC management software, which we are featuring at the Infosecurity show in London from 28th – 30th April.

All of our Cruzer Enterprise models now shipping are FIPS certified, offering corporate and government IT departments a valuable tool in securing and managing data.  The drives carry FIPS (Federal Information Processing Standard) 140-2 Level 2 certification for encryption.

The Cruzer Enterprise now comes in two versions: standard, and Cruzer Enterprise with McAfee Malware Protection.  The McAfee version helps protect users from infection with an automatic anti-malware scan prohibiting file transfers to the secure USB drive when it detects infection on a host PC.

Also, CMC version 3.0 is now available, giving more tools for distributing, protecting and recovering critical data.  The CMC agent resides on a company-issued Cruzer Enterprise drive, enabling corporate IT departments to manage the entire drive lifecycle from deployment, central back-up and restore, and central usage tracking to remote termination of lost drives.

If you’re attending Infosecurity, visit us on Stand E26.

Last week, Wired began reporting that the US Army has banned the use of USB drives after a worm that spreads by copying itself to thumb drives or other removable media infiltrated Army networks.

It’s not the first time malware has been spread through this vector. In May, 2007 the SillyFD-AA worm spread by copying itself onto removable media such as USB flash drives, then automatically running when that drive was connected to a PC. The following month, the LiarVB-A worm surfaced. Like the SillyFD-AA worm, it too spread by copying itself onto removable drives such as USB flash drives and running as soon as the device connected to a PC.

And more recently, in August 2008, NASA made headlines after the TGammima.AG worm infected a computer on the International Space Station. And how did it get there? Via a USB flash drive.

Read More »