Exterminating USB Worms with Policy
Malware spreading via USB devices is not a new phenomenon, but it is still effective.
According to McAfee's 2010 Q2 Threat Report, the most widely detected threat was the Generic!atr Trojan, AutoRun malware found on nearly 9 percent of machines scanned by the company worldwide. Then there are Stuxnet, Conficker and other malicious threats that have taken advantage of lax policies toward removable devices.
For enterprises and home users alike, it is important to lock down the attack vector.
"The use of USB as one means of a computer worm's propagation vectors has been seen as one of the most successful (when it comes to the extent and reach of actually affected regions), and has been used not only by the USB worms per se that we usually see in the APAC regions but by other high-profile worms as well," noted Ivan Macalintal, manager of Advanced Threats Research for Trend Micro.
Though policies are only half the battle, as illustrated here, there are certain things businesses should do. For one, organizations should disable the AutoRun feature for all removable devices. In addition, enterprises should make sure the use of USB drives is permitted only when necessary, advised Kevin Haley, director of Symantec Security Response.
Also, "if network shares are required then use unique non-intuitive passwords for their access [and] configure client security applications to scan devices when they are attached," Haley suggested.
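One way to audit and apply the "disable AutoRun for all removable devices" advice on Windows, as an added example that is not from the article or the vendors quoted: it reads the machine-wide `NoDriveTypeAutoRun` policy bitmask, reports which drive types still allow AutoRun, and with `-Enforce` sets the mask to 0xFF. The function name `Test-AutoRunPolicy` is hypothetical, and the value is assumed to be stored as a DWORD.

```powershell
# Added example (not from the article). Audits the machine-wide AutoRun policy.
# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$AllTypes   = 0xFF   # every bit set: AutoRun disabled on all drive types

$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown' }
    @{ Bit = 0x04; Name = 'Removable (USB flash drives)' }
    @{ Bit = 0x08; Name = 'Fixed disk' }
    @{ Bit = 0x10; Name = 'Network drive' }
    @{ Bit = 0x20; Name = 'CD-ROM' }
    @{ Bit = 0x40; Name = 'RAM disk' }
    @{ Bit = 0x80; Name = 'Unknown (reserved)' }
)

function Test-AutoRunPolicy {   # hypothetical helper name
    param([switch]$Enforce)

    $prop = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # No policy value at all: nothing is enforced centrally.
        Write-Warning "$ValueName is not set; AutoRun behaviour falls back to OS defaults."
        $mask = $null
    } else {
        $mask = [int]$prop.$ValueName   # assumes a DWORD value
        $exposed = $DriveTypes | Where-Object { -not ($mask -band $_.Bit) }
        foreach ($t in $exposed) { Write-Warning "AutoRun still enabled for: $($t.Name)" }
    }

    $compliant = ($mask -eq $AllTypes)
    if (-not $compliant -and $Enforce) {
        # Create the policy key if it is missing, then write the full mask.
        if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
        New-ItemProperty -Path $PolicyPath -Name $ValueName -Value $AllTypes `
            -PropertyType DWord -Force | Out-Null
        $mask = $AllTypes
        $compliant = $true
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Mask = $mask; Compliant = $compliant }
}

Test-AutoRunPolicy            # audit only
# Test-AutoRunPolicy -Enforce # apply the policy (requires an elevated session)
```

In a domain, the same value is normally pushed through Group Policy rather than set per machine; the audit half is still useful for spotting hosts where the policy did not land.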