 |
USB malware threat in the car park – finders keepers, users weepers?28 ,November, 2008 From Jina Roberts |
Here’s an interesting experiment that was done by a security consultant and writer for the US online security portal, Dark Reading back in summer 2006.
The experiment looked at if a company’s employees would try to see what data was on an unsecured USB flash drive that they found in their company car park.
20 USB drives were scattered on the company’s grounds, each loaded with a Trojan that, when run, would collect passwords and logins and email the findings back to the consultants.
After three days, 15 of the 20 had been plugged into the company’s PCs - risking USB malware spread, and showing just how easy it is for sensitive data to be viewed by unauthorised people.
When we did a USB security survey in April 2008, we found 12% of corporate end users reported finding a flash drive in a public place. Also, when asked what they would do if they found a flash drive in a public place, 55% indicated they would try to view the data on it - a USB malware opportunity.
Would the same proportion of people try and view the data on a flash drive they found now? Who knows? But human curiosity remains one of the biggest security risks.
Tags: USB malware
|
