People who attend certain conferences around the world, especially those closely related to technology,
should know that some companies choose to offer the audience a press kit or additional information about
their products through USB flash drives because it's the easiest method to reach the information. However, it seems like even if you're attending a security conference, you're still in danger to get your computer infected through such free-for-all USB sticks. The folks at SearchSecurity reported that Telstra, a company which participated at AusCERT, chose to give the audience free USB flash drives, probably with the goal mentioned above.
However, some people were simply shocked to see that once they connected the sticks to their computer, the systems were almost instantly infected with some sort of malware coming from the flash drives. It appears that the USB devices offered by Telstra were delivered with pre-installed infections which were triggered once the sticks got plugged into the USB ports.
"It was only yesterday at a tutorial. Telstra handed out USB sticks which they didn't know were infected. As soon as they found out they recalled them," Claire Groves, the marketing manager of AusCERT, told SearchSecurity.
As usual, the USB flash drives infections are mostly based on the Autorun.inf file located on the sticks which could trigger the malware once users plug the device into the USB port of the computer. The way viruses propagate is pretty simple: once the user connects the flash drive to a clean computer, the malware is automatically copied to the system. All the other sticks which are then plugged into the infected computer are also compromised.
Obviously, the easiest way to stay protected in such a case is to use a powerful and up-to-date anti-virus that would be able to detect and stop the threat.
News Source: SoftPedia