Follow TTCU on

Financial Topics & Tips


Authorities Warn Not to Insert Found USB Drives into Your Computers

Those little data storage devices called USB or flash drives can really wreak a lot of havoc. They come in all shapes and sizes, different colors, and some even light up when they are inserted into a computer. They are also very intriguing when found lying around and that’s not good.

In fact, these little devices have been found to harbor all kinds of malware that gets downloaded to the computers into which they are inserted and often, the user is none-the-wiser.  The police in the Australian State of Victoria recently warned the locals that malware-laden USB drives were being left in their mailboxes. They were found to install fraudulent media streaming service offers and do other harms.

The advice to thwart this type of attack is to never insert one of these devices into your computers unless you know specifically what is on it or that you put it there yourself. Never plug one in that you just find unexpectedly or lying around. If you suspect it may belong to someone you know or have information you need or want, take it to your IT department or a technical support professional and let them find out what it stores. They often have computers available for scanning such items so that malware is not unleashed onto the network or your computer.

Just because the above incident happened in Australia, it doesn’t mean it can’t or doesn’t happen anywhere.

In fact, a security researcher demonstrated the dangers of inserting a random USB drive at the 2016 Black Hat Conference. She left nearly 300 of the little drives in various locations around the campus of the University of Illinois Urbana-Champaign just to see what would happen. The result was that almost half of those who found the drives actually inserted them into a computer and tried to open the file that was stored on it.

Jim Stickley of Stickley on Security was able to use a USB drive to download a file onto a locked Windows 10 computer in less than a minute. He did it as a demonstration to show how fast malware can get onto your computer. A criminal may not have those good intentions.

In yet another case, someone working for the Dutch chemical company DSM found an USB drive in the company parking lot.  That person did the right thing and took it to IT department where it was found to be a cyber-espionage attempt. It included a key-logger that could steal user names and passwords. It then sent that information off to an external location.


Reprinted with permission. © Copyright 2016 Stickley on Security