66% malware on lost USB drives

In an article on CSO.com.au a report from Sophos Australia is reported on. The anti-virus software company had bought 50 usb drives at a public transport auction, devices left on the Sydney trains, for analyses. When they wrote that 66% was infected with malware, I presumed that they were left behind consciously, but were they?

Loss of privacy sensitive data
No, apparently not. The article was mainly on privacy issues, that people are unaware of the risks they run when not securing their devices. The article gives a summary of content lost this way. Yes, this is a very important issue. We have heard about great loss of privacy sensitive data or military secrets lost on devices (and discs) in the recent past. Cyber awareness is still at a low ebb with a lot of people.

But what if?
The article gave rise to some reflection on my part.

1. The amount of malware on the usb drives
a. Was this in place when bought or
b. Is this a clear sign of the amount of pcs/laptops infected?

2. Spreading usb drives as source of infections
With the price of usb drives as low as it is, this is a way to infect other devices quickly. Whether through infection from the manufacturer or through distributing some devices on trains and other public places.

Mandatory pre-checks. A solution?
What about issuing, by law, information on how usb devices (external hard disks, etc) can be checked before use in combination with them not working before the mandatory check? Is this feasible or technically possible? It’s worth considering if society wants to be more secure.

Wout de Natris, De Natris Consult

Leiderdorp, Thursday 8 December 2011


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Botnets, Cyber crime, Cyber security, News flash, Privacy and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s