The introduction of malicious code spreading through flash drives

Carelessness of people knows no bounds. Very many ordinary people who find the flash drive on the street, do not even think to hand over its findings to the department, the police or the IT department. Instead, they take the flash drive and connect with them in their own or, worse, a working computer. Experts in IT security long ago noticed this strange phenomenon and have suggested that such a "vulnerability" in human behavior can be exploited for easy and smooth penetration into the corporate network.
And recently, this method (again?) Was used for the real attack. The Dutch press reported that members of the local division of chemical company DSM began to find a USB-flash in the office parking lot - they lay on the ground, as if lost. The study of media revealed that the flash drive contains autorun file and malicious software, which should be removed from the working machine the user name and password - and send this information to a remote server.
In this case, by a strange coincidence, none of the staff did not put the flash drive into a working computer, although this behavior is to be expected for many users. The fact that criminals have resorted to this method of attack is already talking about its potential danger. Indeed, it is much easier and cheaper than trying to penetrate the corporate network via the Internet.
Drop an infected flash drive - not such a new idea. It is possible that the attackers used this tactic many years ago, just the news did not reach the media. Computer security experts Bruce Schneier says that the case of the DSM - the first time when he hears of such an attack .
Instead, you can use flash drives and other USB-devices infected with malicious software, which will cause the least suspicion of the IT-services: for example, keyboard or mouse .


Source: hak-club