Danger USB! Oz police warn of malware in the letterbox

Residents down under blighted by a plague of malicious USB sticks.

Malicious USB sticks

Police in Victoria, Australia, are warning computer owners to be on their guard… not against suspicious arrivals in their email inbox, but malicious USB sticks turning up in their letterboxes:

Members of the public are allegedly finding unmarked USB drives in their letterboxes.

Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues.

The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.

According to the report, residents of Melbourne suburb Pakenham have been the unfortunate recipient of the malware-laden thumb drives.

Of course, we’ve known that USB sticks can carry malware for many years and have long warned users against plugging unknown devices into their computers. The method was most infamously used in Stuxnet - a joint US/Israeli operation to disrupt systems at the Natanz uranium enrichment facility in Iran, and other victims of USB attack have included the United Nations Nuclear Agency in the past, amongst many others.

One of the most well-known tricks used by criminals and penetration testers is to leave a poisoned USB stick in the car park of the business they are targeting and wait for a curious employee to pick it up and plug it into their computer.

We’ve even seen boobytrapped USB sticks that can fry your computer hardware within seconds.

Astronauts have even transported malware-infected USB sticks or compact flash cards up to the International Space Station.

So, malware-laden USB sticks are a problem in every corner of the world, and even in orbit.

Every USB stick you receive should be treated with caution - as it could potentially carry a malicious payload as the residents of Pakenham have found out to their cost. Of course, if you have come into possession of an unsolicited USB drive then you should be particularly cautious about plugging it into your computer.

The one potential ray of sunshine in this security thunderstorm? Just how desperate must the criminals have been to target home owners in this way? In some ways it’s rather refreshing that they have had to go to the effort of buying USB sticks, planting malware on them, and then posting them through letterboxes in search of victims… it certainly sounds like harder work than the usual trick of spamming out attacks via email.

Tags: ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.