Last weekend, veteran AV pro Rick Pillars, a frequent contributor to BML and owner of It’s a Rap Productions, started a Facebook post with these dreadful words: “So, a bad thing happened yesterday. I plugged my USB drive into the show computer.”
I asked Rick if I could use the brief but instructive story he related. He was kind enough to send me this greatly expanded version so I could share it with you here:
Recently I was on showsite as a Video Engineer/Graphics Operator. I put my thumbdrive in what I was going to use as the primary graphics source so that I could load up some PowerPoint grid slides. I routinely use those slides to properly align the projectors. It proved very difficult to do. It turned out that my thumbdrive at some point picked up a virus. I plugged in two other thumbdrives I had that had the grid slides on them. All I ended up doing was infecting them as well. At the time, I was unaware that a virus was a problem.
It was about that time that the client came and handed me the thumbdrive with all the presentations on it. Guess what happened. If you guessed that her thumbdrive was infected then you guessed correctly. Here are some of the symptoms. It turns the drive into a folder. Then it won’t open the folder.
Here’s something else the virus does. It installs a trojan virus. Like the Trojan horse in the myth, this particular virus is tailored to get you, the user, to put something into your camp/computer and then insert its own commands. A trojan will allow the hacker to access your computer and utilize it for whatever they choose to do. They can access files. If your computer is part of a trusted network they can access and infect the rest of the computers on that network. They can make your computer do stuff. Turn on the video camera without you knowing about it? Sure. What they normally do is fill up your hard drive with illegal programs and music and install an FTP server for others to log into for downloading. Another common practice is to create what is known as a BOT net. Your computer would be one of several thousand BOTs in the net. Then they would use it and the others to attack web sites with the intention of bringing that site’s servers down. It’s called a Distributed Denial of Service (DDoS). The servers get hit so fast and furious that it slows them down until they just grind to a halt. Websites such as eBay, Amazon, CNN, and others have all been attacked like this. Most of them quite successfully. It is estimated that those companies lost potential tens of millions in revenue. Your trojan-infected computer would be just one of many involved in the attack. All without your knowledge.
So, back to the thumbdrive aspect. We use them all the time in the meetings industry. They are everywhere. Every presenter usually has their presentations loaded on one. If their drive is infected, it will infect your computer. If your computer already has the virus, it will infect every drive after that. Thus spreading that particular virus. How can you tell? If you go into folder options and check off the ticks that Hide System Files and Hide normal File Extensions and then look at the drive’s folder. If you see a file that says autorun.inf and a new additional folder that wasn’t there before, then you are infected more than likely. Mine said autoRUN.inf and the folder was labeled cold. Inside the folder was the virus and it was labeled hott. The autorun file tells your computer how and what to do with the virus. If you delete the files off the thumbdrive and even format the drive, the infected computer will automatically re-infect the drive. If you get rid of the virus on your computer, the drive will automatically re-infect it.
One possible solution was that you could go into the group policy and turn off the autoplay feature. This is the feature where as soon as you plug something into a USB port and something in the disk drive, the computer automatically indexes what’s on it and opens it up for you. Then you go through certain steps to use Windows Explorer to access the drive. Unfortunately, lately the virus writers have caught onto that and have amended the autorun file to also follow the instruction if they are opened that way as well. The security experts at the leading anti-virus companies are still working on a solution. Do a Google search for USB viruses like I did and you will find out what I did.
What can we do? Stop dropping our thumbdrive into every computer drive that we see. Email whatever it is we need on the other computer. Why have a thumbdrive anymore you ask? Exactly the question I ask myself every time I try and cleanse these four thumbdrives. My 32GB, 16GB, and 4GB drive. Plus, the client just told me to keep her brand new 4GB drive since I infected it.
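The check Rick describes (an autorun.inf in the drive root, in any letter case, pointing at a folder that was not there before) can be scripted. This is an added example, not part of Rick's story or the original post; the function names are hypothetical, and the sample drive is a constructed temp directory that reuses only the names from the story (autoRUN.inf, cold, hott).

```python
import os
import tempfile

# autorun.inf keys that name a program for Windows to launch via AutoPlay.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, tolerating junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(entries):
    """Commands run by AutoPlay (open=) or by an Explorer verb (shell\\verb\\command=)."""
    return {k: v for k, v in entries.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}

def inspect_drive(root):
    """Report any autorun.inf in the drive root and what it would launch."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":  # the story's file was "autoRUN.inf"
            continue
        with open(os.path.join(root, name), encoding="latin-1") as fh:
            targets = launch_targets(parse_autorun(fh.read()))
        for key, cmd in sorted(targets.items()):
            # First path component of the command, e.g. "cold" in cold\hott
            folder = cmd.strip('"').replace("\\", "/").split("/")[0]
            findings.append({"file": name, "key": key, "command": cmd,
                             "folder_on_drive": os.path.isdir(os.path.join(root, folder))})
    return findings

def build_sample_drive():
    """Constructed sample: a temp directory laid out like the drive in the story."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    os.mkdir(os.path.join(root, "cold"))
    with open(os.path.join(root, "autoRUN.inf"), "w") as fh:
        fh.write("[AutoRun]\n;junk\nopen=cold\\hott\nshell\\open\\command=cold\\hott\n"
                 "shell\\explore\\command=cold\\hott\nicon=shell32.dll,4\n")
    return root

if __name__ == "__main__":
    print(*inspect_drive(build_sample_drive()), sep="\n")
```

The `shell\open\command` and `shell\explore\command` entries are the ones that fire when the drive is opened from Windows Explorer, which is why turning off autoplay alone did not help in the story.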
Rick is right when he says thumbdrives are everywhere in our industry. My response to his post on Facebook was, “That’s pretty scary. How often do we do a job that doesn’t involve promiscuous sticks?” Unfortunately, I don’t think it’s all that easy to reduce their use. Many of the clients I’ve worked with were subjected to draconian restrictions on the size of email attachments they could send. And what do you do when the Wi-Fi in the hotel meeting rooms isn’t up to the task? Besides, I’m not sure how comfortable I would be dropping the computer/corporate equivalent of “no glove, no love” on a client.